300 word summary: What is the paper about? Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE – Context-Sensitive String Evaluation – a way to detect sqlI in php at runtime – essentially an intrusion detection platform for php apps (though it required modifications to source-code) and its implementation. The Read more…
What is an API (Introduction to API’s) Carrying on from my previous posts on SOA here and here I thought it may be useful to write a post on what an API is, giving some lower level information on my previous posts and an introduction to non-programmers (and junior programmers). Read more…
300 word summary: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Provides a valuable background section on the countermeasures for SQL injection attacks: Defensive Programming General Techniques against SQLi Static Analysis techniques Provides examples of SQL injection attacks, with sql code. Provides a definition of an sql injection attack: “An Read more…
My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to put on my blog, and decided to see if I could find my thesis online. I found it available as Read more…
My research notes about the different types of sqli – sql injection attack types; inband (eg reading errors from the screen) out-of-band (getting information from a different channel eg from an email after the attack) inferrential (or blind) – getting an error from a system that allows you to re-construct Read more…
What is the paper about? a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection Who is the intended audience? researchers Is title/abstract accurate yes Is the big ‘point’ of the work clear? yes Is there an original/significant contribution to knowledge yes, they Read more…
This paper (A Classification of SQL Injection Attacks and Countermeasures) has an excellent section on Injection mechanisms – the way that sql code is modified to actually perform the injection attack – the attack vectors – user inputs cookies server variables second order injection (seeding an sql injection into a Read more…
By now in out Building a PWA vuejs app with wordpress API journey, we have a basic vuejs app which can fetch data from a WordPress API using axios and can display the data.The aim of this Building a PWA vuejs app with wordpress API series, however is to build Read more…
Conditional rendering. Our category system is a bit basic right now – it doesnt check to see which categories actuall have posts (and which categories have child-categories), so in this post we will be adding these checks – checking if the categories have sub-categories, and checking if they have posts Read more…
Building a PWA vuejs app with wordpress API – Part 5 at this point pour app looks pretty poor, this part of the turorial we will fix some of the issues we have: 1) add a link for the categories 2) use some bootstrap code to make things look nicer Read more…
Building a PWA vuejs app with wordpress API – Part 3 In part 3 we will be looking at categories (or archives in wordpress terminology) At this point, its good to look into the wordpress API – fortunately there is excellent documentation available here: https://developer.wordpress.org/rest-api/ The specific endpoint we are Read more…
In part 3 we will be looking at categories (or archives in wordpress terminology) At this point, its good to look into the wordpress API – fortunately there is excellent documentation available here: https://developer.wordpress.org/rest-api/ The specific endpoint we are interested in is the ‘post’ endpoint: https://developer.wordpress.org/rest-api/reference/categories/ The first edit we Read more…
Continuing on fom Part1, where we made a (very) basic vuejs app to fetch data from a wordpress API, we will move on and in this tutorial we will set up some routes and create a basic ‘single’ page to show the content from a wordpress post Tirst thing to Read more…
Building a PWA vuejs app with wordpress API – Part 1 The aim in this is to make an offline-first PWA with vuejs / axios / bootstrap using wordpress as a backend service.Secondary considerations are: using cordova to aid us in building an android, iOS and electron app Beginning Building Read more…
Os Detection Techniques and OS fingerprinting Os Detection Techniques – Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection Techniques I can find for remote operating system identification – there is a massive list of sources at the end. Read more…
It turns out that adding cordova to an existing vue app is pretty easy – if only I’d known this before trying at least 10 different ways: First, make sure your environment is setup npm install -g cordovanpm install -g @vue/cli clone your existing repo and cd to its folder Read more…
If you have ssh with keys for authentication setup on your system, and you use vagrant then you can combine the two to have all your ssh keys automatically shared with your vagrant machine vim ~/.ssh/config Host 192.168.x.x ForwardAgent Read more…
Vagrant with sshfs. You can use sshfs in vagrant with only a private network. This is fine if you are doing all your devlopment from a single machine and dont need to access the vagrant box from your network, but if you need to run some testing from an external Read more…
Remote Debugging PHP in SublimeText with XDebug prereqs: This post assumes you already have a working xdebug install SublimeText How to get Xdebug working with Sublime Text? Open SublimeText Open the package install dialog (cmd+shift+p then type “pack inst”) Search for ‘xdebug’ Select Xdebug Client and Press enter Setting Up Read more…
Remote Debugging PHP in Brackets with XDebug prereqs: This post assumes you already have: a working xdebug install Brackets How to get Xdebug working with Brackets? Open Brackets Goto the extensions tab (the second icon on the right pane) Search for ‘xdebug’ Click install Click close, click close again Click Read more…
Remote Debugging PHP in Eclipse with XDebug prereqs: 1) This post assumes you already have a working xdebug install2) Eclipse Configuring Eclipse and Xdebug Open Eclipse Inside Eclipse, goto preferences > php > debug > debuggers Change the debugger to xdebug Click configure Change the dropdown for “accept remote session Read more…
Remote Debugging PHP in Visual Studio Code with XDebug prereqs: 1) This post assumes you already have a working xdebug install2) vscode How to get Xdebug working with Visual Studio Code? Open vscode Goto the extensions tab (the last icon on the left pane) Search for ‘PHP Debug’ Click install Read more…
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, including application integration, Read more…
It turns out that coding in php on android is possible (even if its not as good as on a mac, linux or even windows). In this blog post I’ll go into some editors, IDE’s and other options for editing php code (and running a development LAMP stack) on your Read more…
Laravel quickstart gist using craftable and existing database schema to generate models, etc from existing database schema. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer composer create-project –prefer-dist laravel/laravel exampletest “5.5.*” cd exampletest composer require –dev “xethron/migrations-generator” copy in .env file php Read more…
This follows on from the previous laravel gist. it covers generating mdels, views and bootstrapping for controllers for pre-existing database tables.Useful if you have a few hundred tables and relationships in an existing database. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php composer global require Read more…
Here is my quick start bootstrap for creating laravel sites from scratch cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php composer global require laravel/installer laravel new php atisan migrate:install php artisan make:auth php artisan migrate #api composer require laravel/passport php artisan migrate php artisan passport:install Read more…
This is a short post detailing how to manually setup php fpm with apache on centos7. php fpm is a great solution (especially when used with nginx, but you may want to keep running apache while still having some of the benefits of fmp – you might even be running Read more…
This is a short post on how to setup a dvwa vagrant box for your testing. I recommend this method when installing and testing new tools (and even for developing tools of your own) – there are known vulnerabilities in this system, so you can use the scientific method while Read more…
Installing mariadb 10.2 mysql 5.7 in centos If you use the following method to install the latest mariadb, updates will be installed with the regular yum update commands! The first part is to add the mariadb official repo to your system. 1) firstly, create an empty file at /etc/yum.repos.d/mariadb.repo sudo Read more…
Vagrant with NFS and public_network. You can use NFS in vagrant, but it requires a private_network to work; This is fine if you are doing all your devlopment from a single machine and dont need to access the vagrant box from your network, but if you need to run some Read more…
I just realised I dont have a post on how to install xdebug in centos7 with php7 and setting up xdebug and eclipse. Its a feature that I use every day, and I had assumed I already had a post, but when searching my site ) only found instructions for Read more…
There are a couple of different ways to install php7 on centos7 – Installing yum-plugin-replace and inline-replaceing the whole php subsystem seems to be the easiest way: You need to have a couple or yum repo’s enabled for this to work properly: webtactic and epel rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh Read more…
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many Read more…
Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the Read more…
[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.0.47″][et_pb_row admin_label=”row” _builder_version=”3.0.48″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_text admin_label=”Text” _builder_version=”3.0.74″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”] This is a short post on Installing vagrant on centos 7. First, you need to download vagrant – head over to http://www.vagrantup.com/downloads and copy the url to the current vagrant package in Read more…
Installing mongodb on centos7: To install the mongodb server in centos7 first you have to add the mongodb repo: vim /etc/yum.repos.d/mongodb.repo Paste this into the file: [mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1 Next, update your yum database and install the mongodb server yum update && yum install mongodb-org mongodb-org-server Your Read more…
What is an sql injection attack? All websites process data entered by users. An input-validation attack is when unexpected user input is processed by a web server or database and an error occurs. What is an sql injection attack? “An SQL Injection Attack (SQLIA) occurs when an attacker attempts to Read more…
