If you already have a WordPress theme and have used the customiser to change some settings, then creating a child-theme for more advanced modifications usually means loosing your customisations, or adding them again – Migrating parent to child theme customiser settings means that you don’t loose your customizations. Method1: using Read more…
Investigating uPNP with python for fun and profit. SSDP is an interesting uPNP protocol – devices advertise their capabilities on the network and leak valuable information. SSDP is very similar to http, except its run over UDP. https://tools.ietf.org/html/draft-cai-ssdp-v1-03 SSDP clients discover SSDP services using the reserved local administrative scope multicast Read more…
Snapcraft building arm snaps on raspberry pi! This post will focus on wrapping a python script using snap. Its recommended that you do this on ubuntu core 18, available from the ubuntu cd image repo here Install snapd, snapcraft and lxd sudo apt update && sudo apt upgrade sudo apt Read more…
Building custom blocks for WordPress. Blocks in WordPress are built in javascript (ES5, or ESNext/JSX then compiled down to js using webpack and bable). If you have used react or vuejs you will be very familiar with this workflow. Install nodejs First, you need to have node and npm setup Read more…
A breif look at the tools you need as a web developer in 2020, running Linux on the desktop as a web developer. OSX is my os of choice, but I’ve always used linux on at least one of my machines (I use Kali a ton, and Centos / Debian Read more…
How to set up a shopify local development environment. Shopify is an interesting platform – they allow you to create and edit your own tempaltes (using liquid) but there isnt a way to run an instance locally, like you would for wordpress for example. As a developer, you want to Read more…
“Connection to 127.0.0.1 closed by remote host” The dreaded ‘vagrant sshfs remount after timeout’ error when using vagrant-sshfs. It happens when forgetting to suspend the guest machine before the host machine hibernates. If you use vagrant along with the vagrant-sshfs plugin to mount host folders inside the guest you may Read more…
I’ve been training over the last 4 weeks for my Scrum Alliance Certified Scrum Master Certification. I took an online course, which was delivered over zoom in real time (as compared to a lot of courses which are pre-recorded video) We were split into teams (there were 4 in our Read more…
Following on from my vuejs and cordova tutorials, I decided to launch the app – you can now download the app from the app store I’ll be creating a roadmap and adding features – it is very very basic at this stage, but each feature will follow on from a Read more…
Building a wordpress plugin scaffolding from scratch This is a basic walkthrough on how to create the scaffolding for a wordpress plugin from scratch. Firstly, create a repo in githubclone that repo to your machine and inside, create a file with the same name as the repo: coolplugin/coolplugin.php inside this Read more…
300 word summary: What is the paper about? Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE – Context-Sensitive String Evaluation – a way to detect sqlI in php at runtime – essentially an intrusion detection platform for php apps (though it required modifications to source-code) and its implementation. The Read more…
What is an API (Introduction to APIs) Carrying on from my previous posts on SOA here and here I thought it may be useful to write a post on what an API is, giving some lower level information on my previous posts and an introduction to non-programmers (and junior programmers). Read more…
300 word summary: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Provides a valuable background section on the countermeasures for SQL injection attacks: Defensive ProgrammingGeneral Techniques against SQLiStatic Analysis techniques Provides examples of SQL injection attacks, with sql code.Provides a definition of an sql injection attack: “An SQL Injection Attack Read more…
My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to put on my blog, and decided to see if I could find my thesis online. I found it available as Read more…
My research notes about the different types of sqli – sql injection attack types; inband (eg reading errors from the screen) out-of-band (getting information from a different channel eg from an email after the attack) inferrential (or blind) – getting an error from a system that allows you to re-construct Read more…
What is the paper about? a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection Who is the intended audience? researchers Is title/abstract accurate yes Is the big ‘point’ of the work clear? yes Is there an original/significant contribution to knowledge yes, they Read more…
This paper (A Classification of SQL Injection Attacks and Countermeasures) has an excellent section on Injection mechanisms – the way that sql code is modified to actually perform the injection attack – the attack vectors – user inputs cookies server variables second order injection (seeding an sql injection into a Read more…
By now in out Building a PWA vuejs app with wordpress API journey, we have a basic vuejs app which can fetch data from a WordPress API using axios and can display the data.The aim of this Building a PWA vuejs app with wordpress API series, however is to build Read more…
Conditional rendering. Our category system is a bit basic right now – it doesnt check to see which categories actuall have posts (and which categories have child-categories), so in this post we will be adding these checks – checking if the categories have sub-categories, and checking if they have posts Read more…
Building a PWA vuejs app with wordpress API – Part 5 at this point pour app looks pretty poor, this part of the turorial we will fix some of the issues we have: 1) add a link for the categories 2) use some bootstrap code to make things look nicer Read more…
Building a PWA vuejs app with wordpress API – Part 3 In part 3 we will be looking at categories (or archives in wordpress terminology) At this point, its good to look into the wordpress API – fortunately there is excellent documentation available here: https://developer.wordpress.org/rest-api/ The specific endpoint we are Read more…
In part 3 we will be looking at categories (or archives in wordpress terminology) At this point, its good to look into the wordpress API – fortunately there is excellent documentation available here: https://developer.wordpress.org/rest-api/ The specific endpoint we are interested in is the ‘post’ endpoint: https://developer.wordpress.org/rest-api/reference/categories/ The first edit we Read more…
Continuing on fom Part1, where we made a (very) basic vuejs app to fetch data from a wordpress API, we will move on and in this tutorial we will set up some routes and create a basic ‘single’ page to show the content from a wordpress post Tirst thing to Read more…
Building a PWA vuejs app with wordpress API – Part 1 The aim in this is to make an offline-first PWA with vuejs / axios / bootstrap using wordpress as a backend service.Secondary considerations are: using cordova to aid us in building an android, iOS and electron app Beginning Building Read more…
Os Detection Techniques and OS fingerprinting Os Detection Techniques – Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection Techniques I can find for remote operating system identification – there is a massive list of sources at the end. Read more…
It turns out that adding cordova to an existing vue app is pretty easy. If only I’d known this before trying at least 10 different ways: First, make sure your environment is setup npm install -g cordovanpm install -g @vue/cli Clone your existing repo and cd to its folder git Read more…
If you have ssh with keys for authentication setup on your system, and you use vagrant then you can combine the two to have all your ssh keys automatically shared with your vagrant machine vim ~/.ssh/config Host 192.168.x.x ForwardAgent Read more…
Vagrant with sshfs. You can use sshfs in vagrant with only a private network. This is fine if you are doing all your devlopment from a single machine and dont need to access the vagrant box from your network, but if you need to run some testing from an external Read more…
Remote Debugging PHP in SublimeText with XDebug prereqs: This post assumes you already have a working xdebug install SublimeText How to get Xdebug working with Sublime Text? Open SublimeText Open the package install dialog (cmd+shift+p then type “pack inst”) Search for ‘xdebug’ Select Xdebug Client and Press enter Setting Up Read more…
Remote Debugging PHP in Brackets with XDebug prereqs: This post assumes you already have: a working xdebug install Brackets How to get Xdebug working with Brackets? Open Brackets Goto the extensions tab (the second icon on the right pane) Search for ‘xdebug’ Click install Click close, click close again Click Read more…
Remote Debugging PHP in Eclipse with XDebug prereqs: 1) This post assumes you already have a working xdebug install2) Eclipse Configuring Eclipse and Xdebug Open Eclipse Inside Eclipse, goto preferences > php > debug > debuggers Change the debugger to xdebug Click configure Change the dropdown for “accept remote session Read more…
Remote Debugging PHP in Visual Studio Code with XDebug prereqs: 1) This post assumes you already have a working xdebug install2) vscode How to get Xdebug working with Visual Studio Code? Open vscode Goto the extensions tab (the last icon on the left pane) Search for ‘PHP Debug’ Click install Read more…
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, including application integration, Read more…
It turns out that coding in php on android is possible (even if its not as good as on a mac, linux or even windows). In this blog post I’ll go into some editors, IDE’s and other options for editing php code (and running a development LAMP stack) on your Read more…
Laravel quickstart gist using craftable and existing database schema to generate models, etc from existing database schema. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer composer create-project –prefer-dist laravel/laravel exampletest “5.5.*” cd exampletest composer require –dev “xethron/migrations-generator” copy in .env file php Read more…
This follows on from the previous laravel gist. it covers generating mdels, views and bootstrapping for controllers for pre-existing database tables.Useful if you have a few hundred tables and relationships in an existing database. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php composer global require Read more…
Here is my quick start bootstrap for creating laravel sites from scratch cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php composer global require laravel/installer laravel new php atisan migrate:install php artisan make:auth php artisan migrate #api composer require laravel/passport php artisan migrate php artisan passport:install Read more…
Making a WordPress Theme. From Scratch. Research + Information Architecture Introduction Making a new WordPress theme from scratch can seem daunting, but it’s pretty easy if you know the steps. This series will explore the techniques you need to employ to build a WordPress theme from scratch. In the series Read more…
This is a short post detailing how to manually setup php fpm with apache on centos7. php fpm is a great solution (especially when used with nginx, but you may want to keep running apache while still having some of the benefits of fmp – you might even be running Read more…