I’ve recently done a pet project on Django and AWS to better get to know those 2 platforms. Unfortunately I’m unable to deliver enough tutorials to justify maintaining the entire environment, but I’m eager to share my experience, what went well, what went wrong. If you like this post, subscribe to the newsletter to keep […]
Tag: web applications
Behind basic auth

Basic authentication is one of the simplest methods of providing credentials to access resources. Today I’m going to take a look at it and provide you with an example of a web page utilizing this mechanism, written with PHP and Apache. How does basic authentication work? On request to a protected resource, the server sends […]
How is blacksheephacks.pl attacked?

Since the very beginning of the existence of this service I was sure that people visiting me would sooner or later start attacking me. Maybe not with helicopters like in the image, but in a more intangible way. I’ve also said that I’m OK with it as long as responsible disclosure is used, and I’m even […]
Issues with JWT

I hoped this would never happen, but here we go. I have problems managing to deliver an article for Wednesday, not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around with python imports, […]
CSRF Protection – Part 2

Before I begin, I owe you an apology. In the previous part I said that I would like to describe the CSRF protection mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension […]
CSRF Protection – Part 1

CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it, and in the next part (available here) I’ll give you some code to fool around with. What is the problem? Imagine […]
XSS in Django Admin

As a web developer, my everyday tasks involve working with Django, which I like since it’s quite a secure framework (compare with the CVE list). Nevertheless, as some say: “shit happens” and vulnerabilities are found. Some time ago a problem in the admin panel that allowed for XSS attacks was discovered. Example application In order to give you […]