Threat Modeling
Threat modeling is a process used by developers and engineers to understand the threats that could exploit a weakness or vulnerability in a software application or platform.
In the past, I did a lot of Perl programming and a lot of CGI code that still runs on various websites around the world today. When I migrated my knowledge across to AWS and serverless infrastructure, I found myself having to develop code in a similar structure to what I did previously in Perl and PHP.
With this article, the goal is to demonstrate how you could dynamically generate HTML in a Lambda function, and use Lambda as a makeshift web server for some simple applications using Python.
Optus, one of the largest telcos in Australia, has suffered a major security breach, losing the sensitive information of close to 10 million Australians. A lot has been said already on the topic. I wanted to focus on the psychology behind a breach.
It's been a wild year for Uber which has suffered through another security breach. The reactions to the hack have been mixed, and I've been contemplating how to respond. Here's my take...
When you operate a large fleet of servers, patching your operating system and other software components is a necessary task to prevent malware and external threat actors from taking control of your system. In a number of cases, I've heard clients use the words: "I can't patch my system because it might cause an outage." Let's unpack this disturbing statement.
The AWS Root account is an absolute god user for your AWS account. This account must be kept secure, and only used in absolute emergencies. For an account that is so sensitive and secure, I was quite surprised that it is integrated into almost everything that Amazon does.
Discovery | Vulnerability |
---|---|
nmap | wp-scan |
knock | owasp zap |
robtex | prowler |
shodan.io | wp-scan |
centralops.net | nuclei |
While privacy and security are two concepts that closely follow each other, they are two different things. What exactly is the difference between these topics?
Earlier this week, while browsing through my Twitter feed, I saw a post where someone was saying that Digital Ocean was better than AWS. Having used both of them extensively, the post caught my attention, and after reading through the comments, it became very clear to me that there was a huge misunderstanding between the two services. Let's break it down.