Software Development

So you want to be a software developer? Here’s how to break into cybersecurity

John Rigney, the CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, gives an explainer on how to spot and address stack buffer overflow issues.

The evolving fight against cyber fraud. (Photo via stock.adobe.com)
Ready to squash some bugs?

In this development tutorial, John Rigney, cofounder and CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, explains how to get into cybersecurity using a training and screening module in the company’s ESCALATE Talent Screening platform. He also shows how a cybersecurity professional can reverse engineer a hacking exploit with the NSA-developed opens source tool GHIDRA.

We’re starting off with the “Hello, World!” of cybersecurity: stack buffer overflow. The idea is that you send too much information into a buffer and it causes a crash. Too much information could be a long string of capital As or too many zeroes. Whatever the input, it causes a crash that a hacker can exploit.

The following excerpt, from the longer video at the article’s end, features an explanation of the code error that breaks the text adventure ESCALATE uses in its testing module, which can lead to stack buffer overflow issues.

Rigney is using GHIDRA in the excerpt above. Binary Ninja is another tool used to reverse engineer exploits hackers use.

Rigney participated in the NSA Cooperative Education program during his time at the University of Kentucky. That experience, in which he saw the theory he learned at school in practice, inspired his love for cybersecurity. That same appreciation for practical knowledge and application is the foundation upon which the ESCALATE Talent Screening is built.

If you’re less inclined to take the university and co-op route, there are “bug bounty” programs that pay a financial reward when a vulnerability is found in a company’s software. Most major tech corporations, from Meta to Microsoft to Google, use such programs. Finding these vulnerabilities themselves can be profitable; they can also help a resume through the Common Vulnerabilities and Exposures (CVE) system, which provides a CVE number whenever a bug is found. Think of a CVE number as a patent number or a reference list of cybersecurity problems solved.

Below, check out the full video of Rigney using the company’s ESCALATE Talent Screening software to demonstrate and teach how a cybersecurity professional would reverse engineer a stack buffer overflow issue in code.

Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation.
Companies: Point3 Security

Before you go...

Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

Our services Preferred partners The journalism fund
Engagement

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!

Trending

Silicon Valley venture firm launches ‘Rising America’ fund to back diverse founders

Pittsburgh’s innovation ecosystem is surfing a wave of momentum

Why are there so few tech apprenticeships?

Philly’s RealLIST startups are split on the remote versus hybrid work debate

Technically Media