Author Archives: Chris C

SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)

Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You … Continue reading

Posted in Saturday MP Show, Security, Software Development | Tagged , , , , , | Comments Off on SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)

SaturdayMP Show #24: Can you use Docker Compose Watch without a Dockerfile?

In this episode I answer a viewer’s question if you can use Docker Compose Watch without a Dockerfile. Actually, it’s more me checking if they are correct. Spoiler alert, they are correct and you can’t use Docker Compose Watch without … Continue reading

Posted in Saturday MP Show, Software Development | Tagged , , , | Comments Off on SaturdayMP Show #24: Can you use Docker Compose Watch without a Dockerfile?

Happy Holidays!

May your holidays be filled with more joy then discovering a legacy project with 90% test coverage, the happiness that rivals getting a project out the door on-time and under budget, and secure from sensitive information leaks from too much … Continue reading

Posted in Fun | Tagged | Comments Off on Happy Holidays!

SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)

In this stunning conclusion to the 3 part series I finally get HTTP Basic Authentication working. Including merging my changes into the main branch in GitLab and making sure it works in staging and production in Render. The video is … Continue reading

Posted in Saturday MP Show, Security, Software Development | Tagged , , , , , , , | Comments Off on SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)

SaturdayMP Show #22: Adding Basic Auth to NGINX Passenger Docker (Part 2)

In this episode I get the Basic Authentication NGINX configuration working using the envsubst tool to replace environment variables in the config file. Ran out of time to test the fix in actual staging. That will hopefully be done in … Continue reading

Posted in Code Examples, Saturday MP Show, Software Development | Tagged , , , , , | Comments Off on SaturdayMP Show #22: Adding Basic Auth to NGINX Passenger Docker (Part 2)

SaturdayMP Show #21: Adding Basic Auth to NGINX Passenger Docker (Part 1)

In this episode I explain and then start to add HTTP Basic Authentication to the Saturday MP website which is a Ruby on Rails application hosted on a Passenger Docker image. As usual I ran into some trouble and at … Continue reading

Posted in Saturday MP Show, Software Development | Tagged , , , , , | Comments Off on SaturdayMP Show #21: Adding Basic Auth to NGINX Passenger Docker (Part 1)

SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)

In this episode I find the root flag for the Busqueda machine on Hack the Box. Took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 … Continue reading

Posted in Saturday MP Show, Security | Tagged , , | Comments Off on SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)

Saturday MP Show #19: Comparing Docker Volumes to Docker Compose Watch

In this episode I answer a viewer question from episode #16: Are Docker Volumes are a two way sync?. The answer is kind-of. You can view the question in the comments section of episode #16 where I try out Docker … Continue reading

Posted in Saturday MP Show | Tagged , , , | Comments Off on Saturday MP Show #19: Comparing Docker Volumes to Docker Compose Watch

SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)

In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: There is a self hosted GitHub like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack … Continue reading

Posted in Saturday MP Show, Security | Tagged , , , | Comments Off on SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)

Don’t Commit Sensitive Information to the Repository

One of the most common security issues I in code reviews is sensitive information, such as production credentials, API keys, etc, in the source code. The source code I just pulled from the repository. The source code all the developers … Continue reading

Posted in Security | Tagged , | Comments Off on Don’t Commit Sensitive Information to the Repository