-
Ship secure high quality software faster.
-
Latest Posts
-
Tag! Your it!
.NET .NET Core ASP.NET MVC BackAndForth Behemoth Garden BEMCheckBox Birm C# DataGrip Docker Edmonton .NET User Group Entity Framework fun GitHub hack the box human resource machine Introduction to ORMs for DBAs ios kids thinking outside the box Mini-Compressor native-binding NUnit ORM react Reduce image size Reduce photo size ruby RubyMine ruby on rails saturdaymp show saturdaympshow security Smaller images software development sql-server standard ruby Takeaways TeamCity Temporal Database Today I Learned Ubuntu xamarin xamarin ios .net native-binding xplugins xplugins.iOS.BEMCheckBox
-
Archives
Author Archives: Chris C
SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)
Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You … Continue reading
Posted in Saturday MP Show, Security, Software Development
Tagged .NET, blazor, Burp Suite, gobuster, saturdaymp show, security
Comments Off on SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)
SaturdayMP Show #24: Can you use Docker Compose Watch without a Dockerfile?
In this episode I answer a viewer’s question if you can use Docker Compose Watch without a Dockerfile. Actually, it’s more me checking if they are correct. Spoiler alert, they are correct and you can’t use Docker Compose Watch without … Continue reading
Posted in Saturday MP Show, Software Development
Tagged Docker, docker compose, docker compose watch, saturdaymp show
Comments Off on SaturdayMP Show #24: Can you use Docker Compose Watch without a Dockerfile?
Happy Holidays!
May your holidays be filled with more joy then discovering a legacy project with 90% test coverage, the happiness that rivals getting a project out the door on-time and under budget, and secure from sensitive information leaks from too much … Continue reading
SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)
In this stunning conclusion to the 3 part series I finally get HTTP Basic Authentication working. Including merging my changes into the main branch in GitLab and making sure it works in staging and production in Render. The video is … Continue reading
Posted in Saturday MP Show, Security, Software Development
Tagged Docker, gitlab, http basic auth, nginx, passenger, render, ruby on rails, saturdaympshow
Comments Off on SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)
SaturdayMP Show #22: Adding Basic Auth to NGINX Passenger Docker (Part 2)
In this episode I get the Basic Authentication NGINX configuration working using the envsubst tool to replace environment variables in the config file. Ran out of time to test the fix in actual staging. That will hopefully be done in … Continue reading
Posted in Code Examples, Saturday MP Show, Software Development
Tagged Docker, http basic auth, nginx, passenger, ruby on rails, saturdaymp show
Comments Off on SaturdayMP Show #22: Adding Basic Auth to NGINX Passenger Docker (Part 2)
SaturdayMP Show #21: Adding Basic Auth to NGINX Passenger Docker (Part 1)
In this episode I explain and then start to add HTTP Basic Authentication to the Saturday MP website which is a Ruby on Rails application hosted on a Passenger Docker image. As usual I ran into some trouble and at … Continue reading
Posted in Saturday MP Show, Software Development
Tagged Docker, http basic auth, nginx, passenger, ruby on rails, saturdaymp show
Comments Off on SaturdayMP Show #21: Adding Basic Auth to NGINX Passenger Docker (Part 1)
SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)
In this episode I find the root flag for the Busqueda machine on Hack the Box. Took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, saturdaymp show, security
Comments Off on SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)
Saturday MP Show #19: Comparing Docker Volumes to Docker Compose Watch
In this episode I answer a viewer question from episode #16: Are Docker Volumes are a two way sync?. The answer is kind-of. You can view the question in the comments section of episode #16 where I try out Docker … Continue reading
Posted in Saturday MP Show
Tagged docker compose, docker compose watch, docker volumes, saturdaymp show
Comments Off on Saturday MP Show #19: Comparing Docker Volumes to Docker Compose Watch
SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)
In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: There is a self hosted GitHub like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, reverse shell, saturdaymp show, security
Comments Off on SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)
Don’t Commit Sensitive Information to the Repository
One of the most common security issues I in code reviews is sensitive information, such as production credentials, API keys, etc, in the source code. The source code I just pulled from the repository. The source code all the developers … Continue reading
Posted in Security
Tagged credentials, security
Comments Off on Don’t Commit Sensitive Information to the Repository