Culture

My adventures as an intern @Appsecco

May 13, 2022
5 min
Bhagavan B

Introduction:

The past couple of months have been very interesting for me. I had my first ever fully functional remote internship, at Appsecco. The tasks and the team, especially Riyaz sir, got me going throughout. I used to look forward to the tasks that I would be assigned. The tasks were really cool and encouraged me to learn more and do more. This internship was not like the others. The first-ever assignment Riyaz sir gave me was developing an application that was not my forte wherein others would only give me tasks that I had an established skill set in. Then I was aware that this will be a journey that will push me from my comfort zone and help me get better, skilful on an overall front.

The First Interaction:

Just after finishing my 7th semester, I was looking for an internship opportunity and I applied to a few companies which had openings for security engineer positions. Here comes the exciting part, I got shortlisted for an interview at Appsecco. The date was fixed & scheduled. I think I’ll never forget that interview because it was an entirely new experience. The interviewer made me feel easy and calm, slowly he started asking about my experience and vulnerabilities that I had found in the past. The coolest part of the interview was when he started asking about the vulnerabilities and different ways of finding & chaining them. I felt comfortable discussing the bugs and there were a few misconceptions that I had, but all of them were resolved by the interviewer — Riyaz sir. The interview was an eye-opener for me about the work culture at Appsecco.

My First Roller-Coaster:

On the very first day, I was given an assignment to understand and make documentation of a tool called Kleopatra. I learnt a bunch of things about GPG key management through this exercise. Later I was assigned to read & learn about the OWASP ASVS Project. The next step was to give a demo on ASVS. I learned a lot of things after getting honest feedback from Riyaz sir.

Now, coming back to the ride, Riyaz sir assigned me a task that involved developing a web application that is vulnerable. I was not familiar with the tech stack that was part of the assignment and honestly not even interested. And, frankly speaking, I did not want to work on this but the way Riyaz sir made me gain interest was awesome. He gave a proper idea of development/security testing. How they are two sides of a coin. I faced a lot of errors while doing this & asked Riyaz sir about those errors which got resolved by the end of the day. Slowly I got interested and started testing and building my own application and finally completed dockerizing the entire application.

My Dream:

Since I wanted to learn cloud and cloud security, I thought this was a dream come true moment. The next task was solving the challenges at flaws.cloud, which I think are really great to start in cloud security. I still remember every day what I have worked on and learned. I learnt a few things which literally changed my productivity, like taking notes and having plans for the rest of the week. Learned to audit AWS cloud for CIS Benchmark controls. In this whole process, I got familiar with the services of AWS and their configurations. I made a test account and explored IAM, S3, EC2, VPC, EBS Snapshots, RDS and CloudTrail.

I used Trello for my notes, which I really loved.

My Trello Board

Tiny Achievement:

On Sunday, Apr 24th, I participated in a competition from the folks at Pentester Academy in the Cloud Security Sprint challenge. The challenge was to solve the labs from the Attack Defence labs. So, I selected “IAM Enumeration” to solve. I was thrilled to find out that I was awarded a bonus prize which was access to the Pentester Academy courses & Labs for 1 year.

I won a cool prize!

Key Learnings during my internship:
  1. Using SOCKS5 Proxy to tunnel traffic
  2. Using NodeJs to build an app backend
  3. Using ReactJs for app frontend
  4. Docker to containerize applications
  5. Git for version control
  6. Assessing CVSS score when calculating severity of security issues
  7. AWS Cloud Services — lots of services, command line and how to correctly configure
  8. AWS CIS Controls and Benchmark — for understanding secure configuration
  9. AWS Configuration Reviews
  10. The importance of documentation

Additional Fun Times:))

The Friday calls were really cool and new. During my internship, I used to talk to my other friends and I discovered they didn’t have anything like our Friday calls. The Friday lunch calls were great team bonding sessions, they convey the culture we have at Appsecco. The calls provided a way to know the team in a whole new dimension apart from their work. The best part is that every Friday was fun learning, so I felt comfortable & cool while interacting with the folks. I would really take a moment to appreciate Shiwangi, our HR, for making our Friday so cool.

Impressed is a short word about Riyaz sir, he truly is super talented and passionate. It’s true that everyone has 24 hours a day. But the way he uses it towards his passion without a hint of stress is truly amazing. I find myself really happy to be able to work under him. I have nothing but immense respect for Riyaz sir for his patience and explaining concepts to someone who doesn’t have much knowledge about that topic.

So this is my story at Appsecco doing my internship for two months. My time at Appsecco so far has been full of knowledge and adventure. I have a lot to learn and grow and I know that I definitely have the best platform & people. My journey with Appsecco has been great and hopefully will be great further.

Signing off

Intern — XCriminal (Bhagavan Bollina)
