Software Development

So you want to be a software developer? Here’s how to break into cybersecurity

John Rigney, the CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, gives an explainer on how to spot and address stack buffer overflow issues.

The evolving fight against cyber fraud.

(Photo via stock.adobe.com)

Ready to squash some bugs?

In this development tutorial, John Rigney, cofounder and CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, explains how to get into cybersecurity using a training and screening module in the company’s ESCALATE Talent Screening platform. He also shows how a cybersecurity professional can reverse engineer a hacking exploit with the NSA-developed opens source tool GHIDRA.

We’re starting off with the “Hello, World!” of cybersecurity: stack buffer overflow. The idea is that you send too much information into a buffer and it causes a crash. Too much information could be a long string of capital As or too many zeroes. Whatever the input, it causes a crash that a hacker can exploit.

The following excerpt, from the longer video at the article’s end, features an explanation of the code error that breaks the text adventure ESCALATE uses in its testing module, which can lead to stack buffer overflow issues.

Rigney is using GHIDRA in the excerpt above. Binary Ninja is another tool used to reverse engineer exploits hackers use.

Rigney participated in the NSA Cooperative Education program during his time at the University of Kentucky. That experience, in which he saw the theory he learned at school in practice, inspired his love for cybersecurity. That same appreciation for practical knowledge and application is the foundation upon which the ESCALATE Talent Screening is built.

Advertisement

If you’re less inclined to take the university and co-op route, there are “bug bounty” programs that pay a financial reward when a vulnerability is found in a company’s software. Most major tech corporations, from Meta to Microsoft to Google, use such programs. Finding these vulnerabilities themselves can be profitable; they can also help a resume through the Common Vulnerabilities and Exposures (CVE) system, which provides a CVE number whenever a bug is found. Think of a CVE number as a patent number or a reference list of cybersecurity problems solved.

Below, check out the full video of Rigney using the company’s ESCALATE Talent Screening software to demonstrate and teach how a cybersecurity professional would reverse engineer a stack buffer overflow issue in code.


Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation.
Companies: Point3 Security
-30-
Subscribe to our Newsletters
Technically Media
Connect with companies from the Technical.ly community
New call-to-action

Advertisement