Learning to be a software developer, specialising in ethical hacking
Aymar Bell
Introduction
My name is Aymar. I work for Geovation as a Junior software developer, latterly with a focus on security. I have a master’s in Cyber security and I am about to complete the EC-Council certification as an Ethical Hacker. My interests range from tennis and football to all things related to Cyber security.
The aim of this article is to provide an account of my journey learning the ropes of being a software developer with the added element of cyber security, and how that has helped Geovation Hub members add value to their business products.
Key Definitions
What is software development?
Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in the creation and maintenance of applications, frameworks, or other software components.
What is web application security?
Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code.
The journey so far
Early phase
In my role as a software developer, the early weeks were about understanding the Geovation Engineering methodology and the collaborative tools (Jira, Trello and GitHub to name but a few) that the team uses. The engineering team uses an iterative approach to project management and software development called Agile. In order to adjust to the engineering department's working practices, I developed a basic security framework for start-ups using the programming language Python.
I have also enjoyed the benefits of pair programming, working alongside Johann Rajakarunanayake while updating the Geovation spatial data catalogue. It required an understanding of HTML and involved manipulating files in XML format, with an emphasis on the continuous review of the code to reduce unnecessary maintenance down the road.
On another project, I worked with Johann Rajakarunanayake to provide development support to Ordnance Survey in testing the various APIs they make available to the public on their data hub.
That period of work enabled me to learn to write clean basic code, fix bugs, and more importantly to break down my projects into small deliverables, implementing those deliverables and then testing them.
Latter phase
My enthusiasm for cyber security and the desire to contribute to the ever-evolving engineering culture at Geovation, by bringing up security-related issues, shaped the next phase of my journey. I started to apply the team’s methodology by providing cyber security support to the hub members/start-ups. Below are some examples of the various areas of security support that I have provided to the members, which have ranged from compliance certification to web vulnerability assessment and testing.
- Certification – I advised a start-up, whose platform addresses community engagement, on how to obtain the Cyber Essentials certification, which is mandatory for businesses looking to bid for specific government contracts.
- Web QA – I provided support to a member whose business is seeking to optimise the process of buying, selling and searching for land. They wanted some Quality Assurance Testing of their web application. This included carrying out as many ad-hoc tests as possible on their company website, from testing form input fields, to ensuring that the website behaves consistently across all operating systems and browsers, to checking the directories not meant to be accessible through the URL (robots.txt) or dot-dot-slash, to checking the coverage of the SSL certificate, to name just a few tests.
- Penetration Testing – A start-up whose platform is bridging the gap between consumers and service providers received support on issues related to user authentication on their platform.
- Cyber Security Surgeries
  - The different types of cloud services and deployment models and the understanding of security responsibilities were explored with a member whose business specialises in drone missions.
  - A start-up whose platform addresses a challenge in the construction sector wanted to understand what cyber security means for its company. We looked at the basic cyber hygiene suggested by the National Cyber Security Centre for small businesses, sole traders and start-ups. It covers a small set of controls and provides a good basis for security.
  - A member whose business solution is about Near Field Communication (contactless) wanted to be informed about the start-up regulatory obligations and the vulnerabilities they should be watching out for.
Conclusion
Being a software developer does test your tenacity; you should be prepared to learn new technology quickly, know how to find existing solutions (remember, Google is your “friend”) and integrate them effectively in what you are doing. In the Geovation engineering department, you are challenged to do that and supported in equal measure. It is a culture of collaboration with the overall aim of adding value to any project.
I wanted to learn to add value with my work, and my role has enabled me to play a part in adding value to the Geovation members' business solutions. Most importantly, the valuable experience that came with it has been worthwhile, and the positive feedback from the members has been a spur.
In life, you should start from the premise that nothing is laid out on a plate for you, and always place a premium on learning.
Thank you for taking the time out to read this article. I hope you find this personal account insightful.