Properly encoding and escaping for the web


When processing untrusted user input in (web) applications, filter the input and encode the output. That is the most widely given advice for preventing (server-side) injections. Yet properly encoding (user) input can be deceptively difficult. The correct encoding depends on the type of output: a string that will end up in a JavaScript variable must be treated (encoded) differently from a string that will end up in plain HTML.

When outputting untrusted user input, one should encode or escape based on the context, that is, the location where the output ends up.

And what is the difference between escaping and encoding?

Encoding is transforming data from one format into another format.

Escaping is a subset of encoding in which not all characters need to be encoded: only certain characters are encoded, by prefixing them with an escape character.

There are quite a number of encoding mechanisms, which makes this more difficult than it might look at first glance.

URL encoding

URL encoding is a method to encode information in a Uniform Resource Identifier. There is a set of reserved characters, which have special meaning, and a set of unreserved (safe) characters, which can be used as-is. If a character is reserved, then the …

Zen provisioning: Bootstrap the installation of Ansible using Vagrant


I'm a big fan of the DevOps attitude of "cattle" versus "pets": machines should be built in a repeatable, automated and consistent way. If something is wrong, don't be afraid to replace a sick "cow" instead of trying to revive your "pet".

This Zen mindset also helps when preparing for demos, trainings and workshops: usually I need a number of machines, and what better way than to create them using automation? For that I'm using the tools Ansible, Packer, Vagrant and VirtualBox. They are all Open Source and can be used on a number of platforms (e.g. Windows, Linux and Mac OS X).

Ansible is a tool for managing systems and deploying applications, licensed under the GNU General Public License version 3 (my personal favorite).

Vagrant is a tool for managing virtual machines and is licensed under the MIT license.

VirtualBox is a virtualization environment for local use, licensed under the GNU General Public License version 2.

Packer creates a machine image by installing an operating system, and it supports a multitude of local and cloud platforms, for example VMware and VirtualBox as well as Docker, Amazon EC2 and DigitalOcean. Packer is licensed under the Mozilla Public License Version 2.0.

How …
