Ship secure high quality software faster.
Tag Archives: security
SaturdayMP Show 36: picoCTF Gym
In this episode I do some picoCTF exercises inspired by the picoCTF 2024 competition starting. The last problem was a Unicode byte problem that I figured out with help from GitHub Copilot. I don’t fully understand the solution so let … Continue reading
Posted in Code Examples, Saturday MP Show, Security
Tagged ctf, picoctf, saturdaympshow, security
SaturdayMP Show #25: TPS Report Uploader CTF Walkthrough (Vulnerable Blazor Application)
Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You … Continue reading
Posted in Saturday MP Show, Security, Software Development
Tagged .NET, blazor, Burp Suite, gobuster, saturdaymp show, security
SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)
In this episode I find the root flag for the Busqueda machine on Hack the Box. Took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, saturdaymp show, security
SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)
In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: There is a self-hosted GitHub-like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, reverse shell, saturdaymp show, security
Don’t Commit Sensitive Information to the Repository
One of the most common security issues I see in code reviews is sensitive information, such as production credentials, API keys, etc., in the source code. The source code I just pulled from the repository. The source code all the developers … Continue reading
Posted in Security
Tagged credentials, security
Saturday MP Show #17: Hack the Box – Busqueda (User Flag)
In this episode I find the user flag for the Busqueda machine on Hack the Box. Perhaps with a little help from the walkthrough and ChatGPT to assist with my lack of Python knowledge. Thanks to Hack the Box … Continue reading
Posted in Saturday MP Show, Security
Tagged hack the box, saturdaymp show, security
Today I Learned about Gobuster
I’ve made it a goal for 2023 to increase my security knowledge. This was based on an increase in security-related questions from clients. Specifically related to website security as most of my current work is maintaining websites for clients. One … Continue reading
Posted in Security, Today I Learned
Tagged gobuster, hack the box, kali, security, Today I Learned
Rate Limiting Using Nginx and Fail2Ban – BSides Edmonton 2022
I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in case you want to follow along during the demo or you want a preview/spoiler. While I’m … Continue reading
Posted in Code Examples, Presentations, Security
Tagged bsides, fail2ban, nginx, presentation, security
Today I Learned how to Secure the Delayed Job Page with Spree Users
A client has an online store that is powered by an older version of Spree. I’m in the process of upgrading it and adding features to it at the same time. It’s a slow process as upgrading to newer versions … Continue reading
Posted in Today I Learned
Tagged delayed jobs, devise, ruby on rails, security, spree, Today I Learned