Already know application security? Here’s a new course for learning about Ethereum and smart contract auditing. It’s free, it’s open.

TL;DR — the new course is at and that’s all open-source via

Years ago I taught myself web development in college via The Odin Project. It’s an open-source, free course that can take someone from zero programming knowledge to being a Rails developer (with portfolio!).

As time has passed and “awesome lists” have grown in popularity, I’ve increasingly appreciated The Odin Project. …

IT people that don’t believe in blockchain can still work with it (and probably should).

Photo by Chris Leipelt on Unsplash

Earlier this month, a colleague and I presented at EY’s 2018 Product Security Summit about auditing Ethereum contracts.

Note: this article does not reflect EY’s views in any way. Views are strictly my own.

Before we got into the PowerPoint, I put out a verbal disclaimer… Neither of us was, or is, a blockchain “evangelist”. We wouldn’t tell anyone to build something with blockchain. But if you came to us for help securing that software, we’d certainly do so.

There’s a lot of risk that comes with deploying…

Sometimes you fall down a Github rabbit hole, clicking through profiles, and find something like Dad Simulator.

Then you’re bonding with a virtual dad instead of closing issues.

Dad Simulator is a browser game, written in the Phaser framework. My understanding is it’s hackathon code from one Liam Gensel.

It’s basically a dad Tamagotchi. You have depleting stat bars; if they bottom out you die, and to keep that from happening you buy things that bump the stats back up.

I acknowledge it as a novel concept, and I want to play but also have work to do. …

“A broken mannequin laying on the street in Taguatinga” by Edu Lauton on Unsplash

When it first became a thing, Headless Chrome wasn’t even available for Windows. Chrome 59 shipped headless mode for Linux and macOS only; Windows support landed in Chrome 60.

And Linux had superior headless browsing before! Virtual framebuffers (Xvfb) let you run a full, non-headless Chrome with no physical display.

A lot of people still don’t realize you can run Chrome headless on Windows now. Well, you can, and it’s as easy as doing this from PowerShell…

cd 'C:\Program Files (x86)\Google\Chrome\Application'

# https://example.com below is a placeholder; substitute the page you actually want to fetch.
# --disable-gpu was required on Windows when headless mode first shipped.

# Dump the rendered DOM to the console (redirect to a file if you want to keep it)
.\chrome.exe --headless --disable-gpu --enable-logging --dump-dom https://example.com

# Save the page as a PDF (C:\Temp must already exist; Chrome will not create the directory)
.\chrome.exe --headless --disable-gpu --print-to-pdf=C:\Temp\output.pdf https://example.com

# Screenshot the page (the headless viewport defaults to 800x600; add --window-size=1280,1024 for more)
.\chrome.exe --headless --disable-gpu --screenshot=C:\Temp\screenshot.png https://example.com
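The one-liners above are fine for a single page; for recon you usually want the same captures across a list of hosts, with failures flagged rather than silently producing nothing. The following is an added example written for this page, not code from the original post: a PowerShell function that screenshots a URL and saves its rendered DOM, using only real Chrome switches (`--headless`, `--disable-gpu`, `--no-first-run`, `--user-data-dir`, `--window-size`, `--virtual-time-budget`, `--screenshot`, `--dump-dom`). The function name `Invoke-HeadlessCapture`, the install path, and the two sample URLs are my own assumptions.

```powershell
# Added example, not from the original post.
# Assumes Chrome at the default 32-bit install path; adjust $Chrome if yours differs.
$Chrome     = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
$OutDir     = Join-Path $env:TEMP 'headless-captures'
# A throwaway profile so an already-open Chrome window does not grab the invocation
$ProfileDir = Join-Path $env:TEMP 'headless-profile'
New-Item -ItemType Directory -Force -Path $OutDir, $ProfileDir | Out-Null

# Constructed sample target list; replace with your own
$Urls = @(
    'https://example.com/',
    'https://example.org/login'
)

function Invoke-HeadlessCapture {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$OutDir
    )
    # Filesystem-safe base name derived from the URL
    $base = ($Url -replace '^https?://', '') -replace '[^A-Za-z0-9._-]', '_'
    $png  = Join-Path $OutDir "$base.png"
    $html = Join-Path $OutDir "$base.html"

    $common = @(
        '--headless',
        '--disable-gpu',               # required on older Windows builds
        '--no-first-run',
        "--user-data-dir=$ProfileDir",
        '--window-size=1280,1024',     # headless default viewport is 800x600
        '--virtual-time-budget=5000'   # let JS-driven pages settle before capturing
    )

    # 1. Screenshot; check both the exit code and that the file actually appeared
    & $Chrome @common "--screenshot=$png" $Url 2>$null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $png)) {
        Write-Warning "Screenshot failed for $Url (exit code $LASTEXITCODE)"
        return $null
    }

    # 2. Rendered DOM; --dump-dom writes the serialized document to stdout after load
    $domLines = & $Chrome @common '--dump-dom' $Url 2>$null
    $domText  = ($domLines -join "`n")
    $domText | Set-Content -Path $html -Encoding UTF8

    [pscustomobject]@{
        Url        = $Url
        Screenshot = $png
        Dom        = $html
        Title      = if ($domText -match '<title>([^<]*)</title>') { $Matches[1] } else { '' }
    }
}

$results = foreach ($u in $Urls) { Invoke-HeadlessCapture -Url $u -OutDir $OutDir }
$results | Format-Table -AutoSize
```

Two choices worth noting: `--user-data-dir` points at a scratch profile so the headless run never shares state (cookies, sessions) with your interactive browser, and the DOM is captured after `--virtual-time-budget` so pages that build themselves client-side are not saved as an empty shell.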



We’re about to talk about some top secret Illuminati Deep State infosec sauce. Protect your virgin ears (eyes?).

99% of infosec books are useless. They were written so the author can charge more for seminars they give to Fortune 500s.

What about the other 1% — the books everyone recommends on /r/netsec and StackExchange? You won’t retain much by reading them or even taking copious notes.

Maybe if you rewrite the whole book on a blackboard a dozen times. Go ahead. The Web Application Hacker’s Handbook is over 900 pages long.

“No, Randy, NO! I’ve spent thousands on security books!”


