Building Custom Box Images for Vagrant

When I started working on Breaking Web App Security, I knew I was going to need a lab environment for the students to use. I considered using Docker images with instructions on how to set up the target sites. It didn’t take very long to decide to drop this idea due to the variances that would occur between each student’s …

CSRF and Cross Origin Request Sharing

Cross Site Request Forgery (CSRF) is a pretty straightforward flaw to take advantage of. Explaining it can be more difficult, due to the number of conditions that have to be met. This post isn’t meant to be a primer on CSRF, but here are the conditions that must occur. The targeted app has a critical transaction that uses predictable inputs …

Perils in Session Management: JWT Edition

Session management is a critical area to get right in developing a web application. The developer has to get it right or the entire app is at risk of being compromised. Fortunately, the development frameworks have attempted to make this an implementation issue rather than a development issue. A developer just has to pick the mechanism for session management and implement …

The Challenges of Learning Something New

The last six months have been very interesting as I’ve grappled with some ambitious goals and learning some very new skills. Around October of last year I decided to give online training a try and what a ride it has been. I’ve had good technical skills for quite a while and I’ve been a professional trainer. I had already written …

Looking for Malicious PHP Files

I’ve been digging through some PHP files that are trying very hard to hide what they are doing. Basically, the PHP code is base64 encoded and then compressed. The blob of random text is then stuffed into a PHP file which calls `eval(gzinflate(base64_decode("BLOB OF TEXT")));` to decode it and execute it on the web server. While it obscures what the …