-
Ship secure high quality software faster.
-
Latest Posts
- SaturdayMP Show 36: picoCTF Gym
- SaturdayMP Show 35: GitVersion Lighting Talk for EDMUG
- SaturdayMP Show 34: Upgrade Website from Rails 6 1 to 7 0 Part 6 (Merging & Wrap Up)
- SaturdayMP Show #33: Upgrading Website from Rails 6.1 to 7.0 Part 5 (Removing Webpack CI Fixes)
- SaturdayMP Show #32: Upgrading Website from Rails 6.1 to 7.0 Part 4 (Removing Webpack)
-
Tag! Your it!
.NET .NET Core ASP.NET MVC BackAndForth Behemoth Garden BEMCheckBox Birm C# DataGrip Docker Edmonton .NET User Group Entity Framework fun GitHub hack the box Introduction to ORMs for DBAs ios jetbrains kids thinking outside the box Mini-Compressor native-binding nginx NUnit ORM react Reduce image size Reduce photo size ruby RubyMine ruby on rails saturdaymp show security Smaller images software development sql-server standard ruby Takeaways TeamCity Temporal Database Today I Learned Ubuntu xamarin xamarin ios .net native-binding xplugins xplugins.iOS.BEMCheckBox
-
Archives
April 2024 M T W T F S S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Category Archives: Security
SaturdayMP Show 36: picoCTF Gym
In this episode I do some picoCTF exercises inspired by the picoCTF 2024 competition starting. The last problem was a Unicode byte problem that I figured out with help from GitHub Copilot. I don’t fully understand the solution so let … Continue reading
Posted in Code Examples, Saturday MP Show, Security
Tagged ctf, picoctf, saturdaympshow, security
Comments Off on SaturdayMP Show 36: picoCTF Gym
SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)
Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You … Continue reading
Posted in Saturday MP Show, Security, Software Development
Tagged .NET, blazor, Burp Suite, gobuster, saturdaymp show, security
Comments Off on SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)
SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)
In this stunning conclusion to the 3 part series I finally get HTTP Basic Authentication working. Including merging my changes into the main branch in GitLab and making sure it works in staging and production in Render. The video is … Continue reading
Posted in Saturday MP Show, Security, Software Development
Tagged Docker, gitlab, http basic auth, nginx, passenger, render, ruby on rails, saturdaympshow
Comments Off on SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)
SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)
In this episode I find the root flag for the Busqueda machine on Hack the Box. Took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, saturdaymp show, security
Comments Off on SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)
SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)
In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: There is a self hosted GitHub like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, reverse shell, saturdaymp show, security
Comments Off on SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)
Don’t Commit Sensitive Information to the Repository
One of the most common security issues I in code reviews is sensitive information, such as production credentials, API keys, etc, in the source code. The source code I just pulled from the repository. The source code all the developers … Continue reading
Posted in Security
Tagged credentials, security
Comments Off on Don’t Commit Sensitive Information to the Repository
Saturday MP Show #17: Hack the Box – Busqueda (User Flag)
In this episode I find the user flag for the Busqueda machine on Hack the Box. Perhaps with a little help from the walkthrough and Chat GPT to assist with my lack of Python knowledge. Thanks to Hack the Box … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, saturdaymp show, security
Comments Off on Saturday MP Show #17: Hack the Box – Busqueda (User Flag)
See you at BSides Edmonton 2023
I am excited to announce that I’ll be attending BSides Edmonton this year! I’m looking forward to increasing my cyber security knowledge from the talks, CTF, and fellow attendees. Specially I’m looking to learn the latest best practices for protecting my clients websites and … Continue reading
Today I Learned about Gobuster
I’ve made it a goal for 2023 to increase my security knowledge. This was based on increase in security related questions from clients. Specifically related to website security as most of my current work is maintaining websites for clients. One … Continue reading
Posted in Security, Today I Learned
Tagged gobuster, hack the box, kali, security, Today I Learned
Comments Off on Today I Learned about Gobuster
Rate Limiting Using Nginx and Fail2Ban – BSides Edmonton 2022
I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in-case you want to follow along during the demo or you want a preview/spoiler. While I’m … Continue reading
Posted in Code Examples, Presentations, Security
Tagged bsides, fail2ban, nginx, presentation, security
Comments Off on Rate Limiting Using Nginx and Fail2Ban – BSides Edmonton 2022