Tag: web applications

Behind basic auth

Basic authentication is one of the simples methods of providing credentials to access resources. Today I’m going to take a look on it and provide you with an example of a web page utilizing this mechanism written with PHP and Apache. How does basic authentication work? On request to a protected resource, the server sends […]

How is blacksheephacks.pl attacked?

AH-64 attack helicopter

Since the very beginning of the existence of this service I was sure that people visiting me would sooner or later start attacking me. Maybe not with helicopters like in image but in a more intangible way. I’ve also said that I’m OK with it as long as responsible disclosure is used and I’m even […]

Issues with JWT

I hoped this would never happen, but here we go. I have problems with managing to deliver an article for Wednesday not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around python imports, […]

CSRF Protection – Part 2

Before I begin, I owe you an apology. In previous part I told that I would like to describe prevention mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension on github […]

CSRF protection – part 1.

CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it and in next part (available here), I’ll give you some code to fool around with. What is the problem? Imagine […]

XSS in Django Admin

AS web developer my every day tasks involve working with Django which I like since it’s quite secure framework (compare with CVE list). Nevertheless as some say: “shit happens” and vulnerabilities are found. Some time ago a problem in admin panel that allowed for XSS attacks was discovered. Example application In order to give you […]