#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

There is real opportunity to:

- scale a HoldCo
- focused on a portfolio of software & digital-forward assets
- serving niche and/or traditionally sleepy verticals

A playbook to follow...

But first... why is there opportunity?

- software is eating the world (& APIs are eating software)
- there are great product opp's for those who know where to look
- theres no real competition
- SaaS/subscription is the best delivery model out there (build once, sell twice+)

And why now?

We’re entering what I call the ‘Deployment Era’ ... where more traditional (sleepy) businesses will increasingly leverage software/tech to improve their model

And the best part is... we're on the front-end of riding this longer-term wave

So what does this mean?

Software (& other digital-first products) will eat more of the ‘traditional SMB’ stack

But most aren’t focused here bc it isn’t sexy or cool…

Which is where the opp is for those who have the right deal nose & know what to build & for who

There is big opportunity to build/scale in overlooked places...

Where you can build/acquire assets that have the best econ delivery model (SaaS/sub), w/ low competition, where you have an inside edge/know everyone in industry, & can do it when no one is looking

Most commonly used AWS services:

🧵👇🏻

1. Elastic Compute Cloud (EC2):

EC2 instances are basically servers with an operating system which can be used to run your applications on the internet just like you run your applications on your laptop during development.

2. Relational Database Service (RDS):

RDS is a distributed relational database service.

Amazon RDS is available on several database instance types - optimised for memory, performance or I/O - and provides six familiar database engines to choose from, including:

- Amazon Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle Database
- SQL Server

3. Elastic Container Service (ECS):

AWS ECS is a fully managed container orchestration service.

ECS has been a foundational pillar for key Amazon services and it can natively integrate with other services such as Amazon Route 53, Secrets Manager, AWS Identity and
...

How to join a developer community?
or
How to find mentors/developer friends?

A detailed thread 🧵👇

For context I have been a part of various developer communities for ~3 Years. I have found that learning with people is the best and most effective way to learn.

So here are the ways you can join a developer community:

💻 If you are a student

Many companies have their campus ambassadors/ Hack clubs / Developer club program that you can join or lead in your campus.

Some of my favorites:

⚡️Student Ambassador program @Microsoft (I am a part of this for 2 years now)

1. in the beginning, browsers didn't have download statusbars
2. firefox got a browser statusbar extension. it was configurable and worked well
3. chrome cloned it without options and it didn't work as well

4. firefox realized chrome was faster and more secure at everything and therefore dropped extensions
5. now firefox doesn't have a download statusbar either

6. someone reimplements download statusbars in firefox's new web-extensions format. it's terrible because of the inherent limitations of the significantly less flexible and powerful extension format

7. CHROME WINS! (with its terrible download statusbar implementation which can't be fixed by users, because No Options and No Skins and No Extensions)

this is where we are now