Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
hpr_transcripts/hpr0472.txt (normal file, 380 lines added)
@@ -0,0 +1,380 @@
Episode: 472
Title: HPR0472: Interview with Ryan Dewhurst
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0472/hpr0472.mp3
Transcribed: 2025-10-07 21:17:52
---
music
Welcome polka out of the listeners to Hacker Public Radio. I'm your host for the show
of Phoenix and I'd like to welcome you one and all. I'm lucky enough to be joined by
another awesome guest, Ryan Jewhurst. Ryan, could you introduce yourself to the Hacker
Public Radio audience? Yes, certainly. Hello, Hacker Public Radio audience. My name is
Ryan Jewhurst. I'm an ethical hacking for computer-street student at Northumbria University.
I've worked on a few open source projects, probably the most popular one being Dambonville
Web App. I've done a little bit of open source work for Nick Tor, W3AF and another project
of mine called Screen Damb. Okay, first and foremost, Ryan, it's really, I'm really
grateful that you could top on the line with me here. I suppose the first question I have
for you is, you know, one is by you to start a project like Dambonville Web App and kind
of bolted on to that. Now, how would you best describe to the Hacker Public Radio audience
what actually is Dambonville Web App? Yeah, if before we start, would it be okay if I give
a quick disclaimer? Yeah, that would be okay. Yeah, that's fine. Go for it. Fantastic. I'd
just like to say that obviously my views are my own. They don't represent the views of
anyone else. For example, like my university's, yeah, that's all really. Okay, and carrying
on with the question. Yeah, it actually started last year. December last year, I wanted to
get started. I wanted to learn more about Web Application Security. I had the books and
everything, just not the practical knowledge. So I thought the best way to learn Web Application
Security was to actually build on myself. And in the process, I made it insecure and secure
at the same time, which would sort of taught me how to make a secure application. I think the best
way to learn is to sort of hands on practical and it also makes it legal as well. You know, you
do it on your own machine, local host, not getting into trouble at all. So basically it's, as the
name suggests, it's a Web Application that's really vulnerable. Not only that it has lots of
features in there for people to teach Web Application Security or people to learn Web Application
Security features such as we have the security level and let's go off from lower medium to high
levels. Lower being no security, medium being bad security and high being should be unhackable
in theory. Not always the case. And there's other features. It's got PHP IDS installed on there,
which can enable and disable and lots of other things as well. So really the idea of, really,
the inspiration for Damvenable Web App was something legal for you to practice your skills on.
Exactly. I think at the time I was messing around with Python, building brute force scripts,
brute force HTML forms. I had nothing to test my scripts on legally, so I'd pop Damvenable
Web App together so then I could test my tools and improve them. And then I thought, well, I
could extend this and sort of practice my SGO injection skills. So I put an SGO injection on there
and it sort of went from there. Okay. I mean, but who is Damvenable Web App aimed for?
I'm sorry, could you feed the question? Yes, sorry. Who would you say Damvenable Web App
is aimed towards them? I'd say mainly it's aimed towards the students. People want to learn
Web Application Security. It can be as easy or as hard as you want it to be with the security
levels. There's also helps and tips throughout the application. But I'd say it's definitely
for the newcomers to Web Application Security to test out their skills on and get better.
It's not so much finding the vulnerabilities, it's more the exploitation of the vulnerabilities,
maybe also combining the different vulnerabilities to, you know, to put on a box, if you will.
I mean, it's really good, it is enabling you to produce, you know, use different vulnerability
scanners per se and actually use to build your skill up using tools to find those
similar vulnerabilities that you've deployed within Damvenable Web App. Yeah, you know,
I mean, carry on, sorry. Sorry, that's the good thing about you. Not only can you practice your
skills on there, you can fire tools against it, see how they compare, see what they miss, tweak
them, see if they pick up anything better, or just to learn how the actual tool works itself.
I mean, it seems to me that almost it's an evolving project that, you know, what you started off
with by default will get bigger and bigger and bigger as more people start throwing more tools
and more ideas and more hacks at it. Am I right in thinking that? Has this project grown quite a
lot since your first start of the day? Definitely, yeah. I mean, I started off in December last
year. I'd say I kept it for myself for a few months before releasing it. I didn't think
maybe no one else would find it useful apart from myself, but I put it out there anyway and I got
loads of good feedback. So I thought, well, you know, this may be a project's worth expanding. So
I did a lot more work on it. I got to version zero, one zero four, pretty much on my own with
your suggestions. And then from one zero four, I managed to get a lot of talented people involved
as well. That's when the community really grew and we managed to get one zero five out, which is
the latest version, which is out now, which is, it's come a long way from that first better version
back in December. So you have an open source community kind of behind you and obviously you're
working with them as well. So you already have a community behind you working with you as well,
that's kind of really awesome, right? I mean, it's that it's that sort of the benefits you
were looking at by making down the available web app open. So I'm writing thinking that it's
released on the GPL version two or is it three or if I got that completely wrong?
Version three of the top of my head without having to look, I'm not too sure whether it's two or
three to be honest, but I think it's three. Yeah, that was a general idea. So get it out there,
get people contributing. They're getting, you know, their names out there because I've got their
links on damn vulnerable web app. They're getting to better their skills and, you know, it's just
great to get involved and build a community up. I mean, what was, I suppose it's kind of a hard
question to ask you, but what was the biggest lesson that you learned from starting the damn
vulnerable web app project? The biggest lesson that I learned. Let me try and think about this one.
I think I learned the best thing I learned was was the actual security itself.
So maybe PHP in itself isn't insecure, but the code is insecure. That's probably the biggest
thing that I learned. It's not PHP itself, but it's how the developers use it, which makes it
insecure. Also, in kind of like your opinion with web applications then, is it fair to say that
maybe the developers need to start testing their skills using damn vulnerable web app?
Definitely, yeah. I mean, one of the main developers apart from myself that I had
working on damn vulnerable web app is actually a web application developer himself.
So yeah, so he definitely learned a lot about security from me and I learned a lot about, you know,
developing from himself with PHP. So it's definitely developers can learn from it and learn to
secure their applications. There's a view source button where you can compare the law security,
medium and high security source code. So you can see exactly what's making the application
secure and what's making it insecure. So it's very easy to sort of, you know, see what's going on
there. I mean, I've played around with it a little bit and I've, you know, first and foremost,
I think it's a really good, good project and anyone who's interested in either learning how to
use tools like NASAs and so on and so forth should definitely download a copy of it. But I've also
sat there and thought that this would be a really good project for developers to be shown
in some ways what not to do. You know, I mean, in some ways, you know, if you were looking at doing
this, this is maybe a viable solution here. Because I'm all right in thinking that the high
security stuff is actually more to do with, you know, using any third party programs or anything
like that is to do with how the code was rewritten almost. Yeah, it's not even rewriting the code.
It's just adding code in there to make it secure. It's just sort of like sanitizing the user
input, which is a big, you know, security flow within web applications. So it's just sort of
sanitizing that input, sanitizing the output. But you can, yeah, you can use the code on there
as examples and then you can definitely use those within your own applications. I mean,
it's been tested daily by, you know, hundreds of students. So if they can get past it,
they'll let me know that I've fixed the bug. So it's probably very secure.
It's an interesting concept that what your bugs are is actually secure, is being secure. You know,
it's a great concept. I mean, if you, if you would kind of,
is there anything that you would change about how you would do the project? If you, you know,
with the experience that you've picked up now and what, what you've learned, if you were approached
and said, right, we want you to do damverable web up too. We want you to take all the lessons
that you learned from damverable web up and apply it to this project. Is there anything,
anything that screams out to you that you would do differently?
I would probably get the application more mature before releasing it to the community. I'm not sure if
from looking back, that probably would have been a benefit to me because when it matured,
that's when I got the most people involved in it. They took it more seriously.
But I'm not sure looking back, it seems like a benefit if I would have released it more mature,
but because it's the only one I've really released myself, I wouldn't be sure if that would be
a benefit or not. Yeah, I mean, I haven't found myself shooting myself in a foot because I gave
you a swerve ball there because I was interested in, and you know, it seems in some ways that it's
a young project, but it seems that it's starting to grow fast, you know, mature and learn lessons
very, very quickly. I mean, I was shocked when you told me earlier on that project itself isn't
really that old. You know, when did you say December last year?
Yep, December last year, I started it just for myself, really. And then,
I must have been, sorry, I released it in December, so I must have started it a few months before.
So yeah, still a young project. I mean, it's under a year, 12 months old. It's come along with
since then and hopefully will go a long way in the next 12 months. I'm currently taking a,
I released 105 on the third of September, so not so long ago after three months work on it.
So I'm currently taking a month away from it to get settled into university and then
I'm going to get bang into it again and get the next version out there.
Now, we can, we're can people, we're, we're going to have to probably radio guys go and find
down vulnerable web out of them. Yeah, we have it. We're, has it's on on website, which is,
which is quite new, I released it about a month ago. It's a dvwa.co.uk or you can go on the source,
source for projects page, which is, here's ttps, sourceforge.net,
projects, for us, dvwa. And on there, you can, you can get the sbn and download the
unstable version, you know, the production version. On the website, we've got forums on there,
we've got blogs and getting involved in the community and so maybe give feedback ideas and
stuff like that. Talking about that, I mean, as, as well documented, my love for the
open source community and the, the, the, the great things that can be achieved by the, the,
letting something free and letting, letting people run with ideas. How can people, how can,
see the average show listening to us today? How can they get involved with the
downloadable web app project? Yeah, I mean, anyone's welcome to getting involved, no matter
what your, your skillset or your knowledge is. The best way really is just to download it.
I have a player with it, if you have any suggestions, maybe some features you'd like
add in, maybe you've found a, a bug that shouldn't be a bug in there. What you can do is,
you can go on the dvda.co.uk forums, put a post in there, let us know about it. And if,
if you're serious, you want to contribute lots of code to the project, we'll give you SBN access.
And you can, and you can start contributing code to it as well.
Sorry, Bala. The, is, is, is the scope for people who, maybe not so technical in nature,
but, you know, maybe much let myself where, where, you know, be happy to sit down and work
with the downloadable web app and maybe produce documentation, like how two guides and set up guides
and stuff like that is, have you got lots of documentation there, or are you needing hunts
with that as well? Definitely, yeah, I mean, at dvda.co.uk a young project, the documentation,
we have had some people do bits and bobs here in there, but we don't have a definite sort of
documentation guide put together at the moment. So yes, if there's anyone out there, you know,
who wants to put some documentation together, maybe document the different vulnerabilities,
how they work, how to exploit them, and stuff like that, that, yeah, that would be great.
You'll get past, do you know something from the community?
Yeah, definitely something we need to look into, yeah.
I've often said this before, and as I suppose I know that the authors of projects tend to shy away
when you call them developers and chief developers and so on and so forth, because they're parts of
teams and they don't want to take, they don't want to take cute or so away from other people as well,
but a question that I've often thought and I've said quite a lot as I've talked to people about how
they can contribute to open source projects before, and one of the things I've said to my kind of
friends that speak lots of different languages, new languages, not their first given language,
they're actually translating an open source project's documentation into another language,
it's probably a great asset because what enables you to say you had your project translated
into Russian or Polish or something like that, that you'd be able to get those developers
and those people interested who are able to read your document involved in that community and
bring in their experience and their ideas and what's your thought? Definitely.
I mean definitely, I mean the part of it being open source is that it's not restricted
to the UK where it was built for anyone around the world can contribute with so many different
types of expertise or knowledge. Surprisingly enough we do have a big
Asian following from China, Japan we get a lot of downloads from there, not so much feedback or
contributions but there seems to download it quite often, so you have to get them involved and
writing documentation or giving it some feedback will definitely be a benefit to the project.
Awesome. So as far as downloadable web art is concerned, download it.
Now I've heard you say this before and I know you've been echo it right now,
do not install this on an internet facing machine.
Definitely. And last you've been drinking tequila and want to shoot yourself in the head afterwards.
Yeah, exactly. Yeah, it's surprising. I mean I've put warnings wherever a warning will fit
on the application to warn people not to put it on an internet facing. You've been surprised
how often it does happen. Some people even email me that they're IP address with
downloadable web art installed on it. It's probably not the brightest thing in the world to do.
Just in case listeners don't get what we're saying is that this is an incredibly vulnerable web
application. If you put it on internet facing, this is a good likelihood that you'll coin the
term here. Your box is going to get popped. Definitely. I mean it's a certainty. It's not even a
maybe or could be. It's going to get hacked. You leave this up on, even if you've got it up for
half an hour an hour, I wouldn't advise it at all. Just don't do it. It's got, I've taken some
measures to stop people doing that. Obviously some people do take those measures out for whatever.
That's really reasons they have. It's a very responsible approach there, I mean. It's probably
friend a lot of other developers in that kind of area would go up at the wardings up and if you're
stupid enough not to read the warnings, then you're thus you should get what you deserve. It seems
like you've appreciated that that's a real life problem. Sometimes we have to take ownership
ourselves to ensure that this doesn't happen. My recommendations, I know your recommendations
to use is the XAMP. Great recommendation. Definitely. I use XAMP. I miss self. I stuck it in a
virtual box and I used a program from there's an organization called Turnkey Linux and they do
a very nice Ubuntu based lamp server. It's like 120 meg or something like that. It stores really
fast. I stock that into a virtual box and then put your application on it and then I can snapshot
it and then whatever happens then doesn't matter. Obviously the same with XAMP as well is the
theory. If you put it on a real life web server, you may have to pay the price at some point
to the fiddler that's for sure. Definitely. One thing we have been considering is put in
DVWA on a live CD anyway. So as well as having the raw PHP code and download and setting up
the web server itself, having a live CD with a web server already set up and DVWA already installed.
As a signal I have a damn vulnerable web app already set up on a straight up onto lamp server,
nothing else and Turnkey gives you the ability to turn that into a live CD. So I could probably
talk to you after this call and see if we can jittery poke and make a live CD because like I say,
I think you're right, if you put it onto a live CD. It's much more secure for the user as well.
Any, so as a quick crash course, wouldn't be your recommendation to a new user wanting to play
with your application and learn a little bit, you know, I mean by that, you know, what sort of tools
would you recommend that they use and try? Yeah, well, it's damn vulnerable web app is,
it doesn't require any prior knowledge, basically. It's there to teach you. So we're not expecting
you. We've made it as easy as possible for the beginner to use. On each vulnerability page,
you'll notice if, whenever on anyone downloads it, there's more info at the bottom with links
to give more information on those vulnerabilities. I mean, that's probably enough for anyone to get
a test to install, exploiting these vulnerabilities. But what I would really recommend is a book called
the, what's it called? The web application hackers handbook. I don't know if you've read that
yourself. It's an amazing book. It covers lots of stuff in there. It's easy to read and
it's like my Bible for web application security. It's got the pride place on the bookshelf. Awesome.
And now I think we've talked about the project. I'm also incredibly desperate to speak to you
about your university degree as some of the HPR listeners will know and some of them won't know.
I also have studied an ethical hacking degree at another part in the UK and
Ryan and myself, where we're part of this new breed of British academic organizations
realising that there's an absolute need for degree qualified ethical hackers to be placed into
the workplace. So I'd love to pick your brains about that for a little bit, if that's okay with
your body. Yes, certainly, yeah. So what I'm doing is I'm doing ethical hacking for computer security.
It's a bachelor of science degree on his degree at Northumbria University in Newcastle.
Basically it's a four-year course, a sandwich course, so you do two years of a classroom learning
as you would in any university, 30 years of placement. So you go out and actively find work,
get a job in the industry, get a valuable experience, and then you come back for the final year
and finish off your university degree. So what we learn is we do computer system fundamentals.
Which is your processor, your memory, how all that works. We do databases, we start up with
Oracle and we learn SQL. We did a computer crime investigation, network technology,
programming in C, and obviously ethical hacking. We also do consultancy projects with companies
outside the university to give us real-world experience as well. So yes, it's definitely a great
course and if you're interested in security and you want to make it into a career, I definitely
recommend going for an ethical hacking degree. And Northumbria is not the only place in the
UK, as you said, you was, I can never remember the name of the place, Aberdeen show, was it? Aberdeen,
if you're in the UK, bearing in mind that in the UK, we're not a list of universities and we
can't tell you where all of them are, but my understanding is that there is the University of
Aberdeen on D, which is University of Northumbria. Northumbria in Newcastle. I believe
Coventry University as well is doing an ethical hacking course. I think there's also
Sunderland, I think that it's not live yet, but they're starting to, which looks quite interesting.
And there's a few here in there popping up all the time, I think now it's catching on, really catching up.
University of Aberdeen on D as well, although I'm not at the university anymore, they've also
started a master's in ethical hacking and security as well because of how popular it's been
and the master's, I believe, is into its second GNL and numbers up and up and up and up.
ethical hacking at Aberdeen is just numbers keep on doubling each year. Imagine your lecturers,
your university are pretty much saying the same thing to you as well, that it's not a down to.
Yeah, definitely. We were the first students to ever do ethical hacking at Northumbria University,
so I only have the this year's students compared to and it's definitely doubled
from last year to this year. And so it looks very popular of course.
What was your favourite module then? I mean, I know you're going to say ethical hacking because
what other ethical students are not going to say that, but what did you start doing that
that you thought you made, you know, that you didn't think you'd like and you thought,
Jesus Christ, actually, I really did like this. There's any particular module that you
went in there thinking, this isn't for me, and life they're going, I really learned something
interesting now. I think I found networking that the hardest, I've always, I've never had the
chance with not being at university to play around with, you know, enterprise hardware.
And I've always set up networks, you know, just just the home network. So I've found networking
the most difficult at first until I got into it and I find that I learned the most from
from that module and I thoroughly enjoy it. That's definitely my favourite module at the moment
as well as ethical hacking of course. Unfortunately, the anticlimax that I went in,
expecting databases to be done and surprise, surprise, that's exactly what they were.
I didn't have to answer that either to be honest. Sorry for all your database people out there,
I mean, I'm sure that stuff just rocks your world, but yeah, as an ethical hacker, it's,
we just want to, as long as I can inject it. All we want to do is export the table or drop it
one over to, you know, we don't really, we're not really interested in much more.
What kind of modules of you, all you're going into your third year next year aren't you?
So you're going out on work placement, is that correct, yeah? I am, yeah. And if you, I am,
I'm still looking for a placement. So if there's any, any listeners wanting to take me on,
or if they're interested, if you can get in contact with me, that'd be brilliant.
So if there's anyone from the HPR audience in Newcastle area, isn't that,
because you're obviously not wanting to travel to America to do a newcastle preferably, yeah.
Newcastle or Vegas either or, yeah. Newcastle, so if you, any HPR listener in the Newcastle,
or know someone in the, the absolutely, you still there, buddy?
Yeah, I'm still here. It's just echoing a little bit.
All right. Anyone in Newcastle area or know someone in the Newcastle area that, you know,
can think that they can help right now do drop them a line.
The, you know, I've talked to people about this before, you can't ask for anything more than a
tamed geek apart from a tamed geek, ethical hacker. So, you know, definitely a great asset to have
for your business for a year. So I suppose the next question I want to speak to because, you know,
we share similar stories in a lot of ways around. Yeah. I was never part of kind of the,
the UK hacking scene. I was, I was a web developer that got, I was a self-taught web developer who
experienced the hacking event and that pushed me and drove me forward and one day I ended up,
going on to ethical hacking and from there on in which never looked back.
So I was never part of almost that Yahoo chat generation of hackers.
But, I mean, what do you think that the hacking scene in the UK is like at the moment?
I mean, it's obviously not as big as the American one. It's still, in my opinion anyway,
it's still maturing, which is great because it means that there's plenty of opportunity out there
within the community. So, yeah, I mean, there are conferences popping up here and there.
Some good conferences down in London. I think they get the Black Hat Europe, is that in London?
Oh, I'm not too sure. I know that I have the Europe, I feel the Europe one might have been in Amsterdam.
I had Infosac in London recently. Yeah. That's, I'll rest say, I think they have as well.
Yeah. I mean, my views are, with the university courses, what we're fighting as cities are now,
you know, where they aren't, where they may have still had the same number of hackers.
They're now quite happily to be able to say, oh, I'm a university studying ethical hacking.
And they're coming out of the woodwork. Yeah, the terms being bounded about more
and people are starting to understand. As an ethical hacking student, I'm going to ask you this
question and I almost know the answer. When you first meet someone, how do you tell them what
course you were on? Because whenever I first ever met someone and they said to me, oh, what are you
doing at university? I said, oh, I'm doing ethical hacking and countermeasures. And they look at you
and you have to repeat yourself again because they didn't understand what you said the first time.
And then do you get asked this question straight on the back of it? How could you be ethical?
Exactly. What I know, what I know only say is I've taken the ethical hacking out of it when
people ask me, I just say computer security. Yeah, I had the pleasure of showing potential
first years around the university every year and I used to explain the story to them. I always
used to grab me within about eight weeks of university and say, yeah, I tell everyone I do a
computer security course. And what I've started to do is at the end of the day, my art course
has slightly different titles. It was this ethical hacking and computer security. I might as well
have the hacking and countermeasures. Whenever I started to get asked, but how can ethical hacking
be ethical? And you say, well, it's actually more. But you've chosen to look at the first two words
of a three-line statement. Exactly. We're actually here for. I mean, I think, I think hacking
only has the bad stigma because of the media in the first place anyway. So it's just a perception
that people have and they just don't really understand the term itself. Yeah, I mean, I think what
people maybe don't understand is that how actually widespread hacking is. I don't think people
realize that it's happening every single day in front of them and they don't realize it's a
clear and present danger every single day out there. And we do need to produce
good quality computer graduates with a firm understanding of security. But upon that as well,
we need to produce good quality developers with a firm understanding of security concepts.
I don't want to pick on developers, but if between the ethical hackers and the developers,
if we work together, we could probably secure an awful lot of the internet.
Definitely, yeah. I agree. I mean, I think the third question I get asked right after
what course do you do is can you hack my boyfriend's email address?
That's not me, the next question that comes out right now. I mean, you're just a legend in my
lifetime because whenever I tell a girl I'm doing ethical hacking, I never see her again.
I mean, this is the whole bunch of male ethical hacking students out there that whenever a girl asks
them what they're doing, yeah, I'm a firefighter.
In the interest of trying to keep the show short and not to monopolize too much of your time,
|
||||
what is your advice for someone wanting to get into ethical hacking?
|
||||
I mean, what? I'm bearing in mind that the hacker public radio is a widespread audience and
|
||||
sometimes going to university isn't an answer that if you want to get into something and not
|
||||
about to jump into university, of course, tomorrow is to do it. What would be your advice for someone
|
||||
who just wants to play an understanding ethical hacking and wants to just experience it a little
|
||||
bit more? What would your suggestions be to them?
|
||||
I mean, as you said, everyone is in a different stage in the life so university might not be the
|
||||
best option for them as it was for me and you at the time. So, I mean, the first thing I'd say is
|
||||
you've got to just read lots, get books, go online, meet online, listen to it to podcasts,
|
||||
just get involved in the community and learn as much as you can, just never stop learning and I think
|
||||
if you don't love security or ethical hacking then don't do it. If you don't have a passion for it,
|
||||
then just don't even start. I mean, I have to echo exactly what you're saying there. I mean,
|
||||
if you don't love this game, then don't play it. No, it's not for you. It's something that I love,
|
||||
I have a passion for. I can't wait to get home and read what's the latest going on in the community,
|
||||
what's the latest hack and the newest vulnerability. It's something that I love and I think if you don't
|
||||
share that passion, it'd be very hard for you to learn definitely. So, I mean, for me, you touched
|
||||
on some great points there. For me, the greatest skill that you need before you even consider
|
||||
going into ethical hacking is the ability to research, is the ability to learn sometimes on your
|
||||
own steam and sometimes by just using something like Google or whichever search engine you use.
|
||||
I think you're just taking the initiative yourself to try out the things obviously in a legal way
|
||||
on your local network. Just try things, see what happens, see what the responses are,
|
||||
and the best way is to practice and read and just definitely the way forward.
|
||||
Okay, this is, we're getting to this point in every podcast where we say, what's the shameless plug?
|
||||
Is there something that you want to promote or something that you want to share with people?
|
||||
Now's the time to jump in and go for it. Is there anything you want to tell the
|
||||
radio audience? Yeah, there's a couple of things. I think I mentioned before that I'm looking for
|
||||
a placement for next year. So, preferably Newcastle area, Northeastern area, but I am willing to
|
||||
consider the anywhere in the UK. Another thing where, if you've downloaded that one,
|
||||
or whatever, 105, you would have seen the image on there saying that we're looking for a sponsor.
|
||||
So, if you'd like to sponsor that one, and have your logo on there, if you're getting contact
|
||||
with me and we can arrange that. Awesome. Now, Ryan, how can people, if you've got a blog address that
|
||||
we can give to people? Yep, it's www.ethicalhacker.co.uk. The last E is a 3. So, ethical hacker,
|
||||
with the last E is a 3.co.uk, or you can find me on Twitter. I'm a regular
|
||||
Twitter. You can find me on Twitter.com forward slash ethical hacker again. The last E is a 3.
|
||||
If you want to learn more about the downloadable web app, it's dvwa.co.uk.
|
||||
Okay, so that's ethical hacker and it's K3R, the last bit. That's correct. Awesome.
|
||||
And you can be found it. Also, your project can be found on sourcewatch. Also on dvwa.co.uk.
|
||||
Yeah. What's left for me to do now is to, once again, thank my guest, Ryan Duhurst, for taking the
|
||||
time to come and talk about his project and on the show. It's absolutely awesome. Thank you
|
||||
very much, Ryan. You're welcome. It's been a pleasure to come on the show and talk to you.
|
||||
And your audience. So, all that's really left for me to do is to thank the Hacker Public Radio
|
||||
audience. You guys are home for listening to us. Before I go, if you like to make a podcast and
|
||||
be part of the Hacker Public Radio production team almost to say, it couldn't really be any easier.
|
||||
You can record a show on anything that you want. We've had shows on lots of different
|
||||
things from quitting smoking to brewing beer to hacking web applications. But if there's
|
||||
anything that you want to share, if there's a project that you want to talk about or
|
||||
how to guide that you want to produce an audio version of, then really get a recording done
|
||||
and contact HPR and we can help you get that show out. HPR is all about people taking the time
|
||||
and recording shows and making them available for everyone to download. HPR can't do a show every day
|
||||
if people don't make shows for us. So, please, if you do have the time and you want to get involved,
|
||||
that's a great way to help Hacker Public Radio and you can find the contact details on the Hacker
|
||||
Public Radio site for that. All that's left for me to do is once again thank my guest, thank the
|
||||
listeners and I look forward to speaking to you all again sometime soon. Thank you very much.
|
||||