“ Test your systems with fire and ice, sand and sea, bile and blood….before your attackers do! ”
In this post we’re going to wrap up the Hacking Kung-Fu series. We’re still digging in and focusing on aims and objectives so this will be a bit lengthy. Thus, without further ado, let’s jump right to it.
First of all, it must be borne in mind that Hacking Kung-Fu is very demanding. To hack Kung-Fu calls for great discipline. And discipline in this field is defined more by what you do not do rather than by what you do. This is an art that relies a great deal upon endurance, perseverance, determination, as well as time and effort. When training and practicing this art, patience must be your greatest effort. Master Kung-Fu Hackers are not borne over night. As a matter of fact, some of the greatest kung-fu hackers to date have been quoted as saying that “it takes at least a minimum of 10 years before one becomes adept in the art.” But as the result is very rewarding. the extent of your reward depends mainly on how much “purposeful practice and training” you have put in. Aimless training and practice, as was stated in part one of Hacking Kung-Fu, is a huge waste of time! It is therefore helpful to have some idea of your aims and objectives…..
Aims
Aims are general in nature and long-term in perspective, whereas objectives are specific and immediate. How well we have achieved our aims calls for some subjective judgement, whereas the attainment of our objectives can be determined categorically. For example, a major aim of Hacking Kung-Fu is Systems Security. This ability to defend our own systems as well as our clients is a general asset. (An asset that has long-term benefits as more and more vulnerabilities become exploitable to the general public.) Generally, we do not set a specific time frame for acquiring this aim; we simply adopt the attitude that as long as we keep on learning, practicing, and training, we will enhance our ability to be able to defend our systems. However, we are clear on the fact that if we fail to defend ourselves effectively when that time arises, it means that we have failed in our aim.
Now granted, there may be times when we do set a time frame for our aims, but that period is usually measured in years rather than months. Otherwise, it may not be easy for us to objectively measure how well we have achieved our aim. For instance, we can say that we have achieved our aim if our developers have designed our website in such a way to effectively thwart XSS attacks, (By a single attacker in a given instance) but when we are faced with a group of attackers, say, a hacktivist group that targets our organization we may falter.
Objectives
Objectives are a bit different. We may set an objective to acquire the knowledge and skills to be able to defend ourselves against web application attacks within a six month time frame. Or from an offensive security point of view, we may set the objective to acquire the skills needed to test our web applications. Hence, our objectives are specific: for the time being we limit ourselves to either defending against these types of attacks, or learning how to carry out these types of attacks. (Intentionally deciding to leave other types of attacks to be covered by later objectives.) We can even go a step further and be more specific by deciding on what types of web application attacks we want to defend against or learn how to test for. As we have set a time frame of six months, our objective is also immediate: we are not pursuing this objective indefinitely. We can easily decide whether we have achieved our objective within our set time.
Conclusion
Above all, even though aims and objectives are closely related, an appreciation of the distinction contributes to our monitoring of our practice and training. Aims and objectives provide us with direction and purpose in our Hacking Kung-Fu, thus enabling us to achieve better results more quickly.
As always, thanks for reading. Hack On, gents!
