Admin, Author at SDET.US - Posts (Page 2 of 30)

Setting Up Firebase with Angular 2 (ADVANCED)

In the previous tutorial, I mentioned how to set up Angular 2 with Firebase as your real-time database. That method is limited, and you're using a bit of JavaScript to maintain the database connection. There's a better way, using angularfirebase2 instead of the basic firebase module. You'll need a Firebase account and project set up. If you don't have one, check out the prev... »

Setting Up Angular 2 with Firebase (EASY)

Firebase is a really awesome product from Google. It provides several points of functionality, including a real-time database. This tutorial will walk through what you need to do to configure your Angular app to use Firebase. Setting Up Your Firebase Account: First things first, go to firebase.google.com and create your Firebase account. Create a Firebase DB: Next, click the console link (ht... »

TypeScript REPL

I came across this the other day, while I was reading "ng-Book 2" from fullstack.io. They introduced a REPL module for TypeScript. It's called tsun. It works just like a REPL in Ruby or Python. It provides an interactive shell where you can test out code and see instant results for your commands. This is a great way to test out ideas or code concepts. To install tsun, you mu... »

Setting up a PenTest Lab (Windows & Kali VMs)

Purpose: The purpose of this task is to set up a home network that allows the testing of software security within a confined space, not accessible from the outside world. You can install the applications that you test in a secured lab. For a home-based lab, you can set up several VMs to suit your needs. Typically you'll want some Windows varieties in the lab, and your attack vector m... »

Form Fuzzing with Python and Mechanize

Another module available for Python is Mechanize. Mechanize is a Python headless browser. With Mechanize you can interact with web applications. This allows for headless verification of functionality (QA), or it can be used in penetration testing. Proof of Concept with Python Mechanize: In the following POC, I wrote a little script that interacted with some test web apps I ... »

Link Harvesting in Python

I've done extensive work with link validation in websites, using a mix of Ruby / Anemone (a spidering library) and Watir (a web automation library). In this post I'll cover a similar approach from the Python side, using Python and BeautifulSoup. What's nice about this pairing is that it's all part of the standard library in Python. You don't have to install or download a... »

Notes: Python and Packet Headers

Some notes taken from Vivek Ramachandran's course on Penetration Testing with Python. Network Packets: Packets are layered as encapsulated data, like so: Ethernet > IP > TCP > Application Data. The first 14 bytes are the Ethernet header. Network Byte Order: Unlike the little-endian format on a regular computer, the network protocols send bytes in big-endian order. This means ... »

WebApp Vulnerability: System Binaries

While some compiled software applications are vulnerable to attack vectors like buffer overflow attacks, websites usually don't fall prey to the same exact vector. Websites make use of a server (Jetty, Tomcat, Heroku, etc.) which hosts the app itself. While there may be vulnerabilities in the web app, most web development frameworks (Java/Spring, Ruby on Rails, Djang... »

Buffer Overflow Basics

When you take a course on security, probably one of the more fascinating topics is getting a shell on a remote system. In most cases the user who pops a shell on a remote system takes on the access level of the application that was compromised. Buffer Overflow: The concept behind a buffer overflow attack is that there's an application running on a system. This application has a vulnerability ... »

Finding Open Ports Listening on your LocalHost (using nmap)

From Red Hat's Security Guide, you can simply use a quick nmap invocation: nmap -sT -O 127.0.0.1. On a BSD-based system like OS X, you have to run the command with sudo. Once complete, it will return a list of ports open and listening for connections. »
