
Last week we talked about preventing cross-site scripting (XSS): a vulnerability that stems from an attacker’s ability to inject malicious code into the client-side of an application.

This week we’re going to talk about SQL injection attacks: whilst XSS affects the client-side of an application, SQLi affects its backend.

At the core, a SQL injection vulnerability is present whenever an application injects untrusted (anything the application receives from the outside — usually user input data) input into a SQL query in such a way that the data is interpreted as being part of the query logic.

What can an attacker do?

Applications are just a wrapper around some data: truth is in the data and access, interpretation and control of it is in the application. …



Cross-site scripting is one of the most common and popular web attacks.

It allows an attacker to inject client-side code into web application screens that are then viewed by the victims.

Consequences and impact can vary depending on the type of attacks and context in which the attack is launched.

XSS can be classified as:

  • Self-XSS / Reflected XSS / Non-persistent XSS / Type-II XSS
  • Persistent XSS / Stored XSS / Type-I XSS
  • DOM based XSS

Self-XSS

Let’s suppose we have the following PHP code - PHP just to pick (a legible) one:

Self-XSS Example

Textbook XSS: The victim opens a link that looks…


There’s always a lot of debate in regards to how to safely store passwords and what algorithm to use: MD5, SHA1, SHA256, PBKDF2, Bcrypt, Scrypt, Argon2, plaintext??

So I tried to analyse and summarise the most recent and reasonable choices: Scrypt, Bcrypt and Argon2. …and yes, MD5, SHA1, SHA256 are not suitable for storing passwords! 😉


A summary

In 2015, I published ‘Password Hashing: PBKDF2, Scrypt, Bcrypt’, intended as an extended reply to a friend’s question.

In summary:

Attackers usually have different and more specialised (more powerful) hardware than ours;

Attackers use specialised hardware because it can be tailored to the algorithm: the different hardware architecture allows certain algorithms to run faster than on non-specialised hardware (CPU) and - overall - certain algorithms can be…


If you are a software engineer, I’m sure at some point you wanted to do ‘some machine learning’, crack the secrets of the Universe and find the ultimate answer to life, the Universe and everything.

However, machine learning can be a pretty big and intimidating topic: a very different paradigm from what you usually do/use on a day-to-day basis, driven by big data, mathematical models… in short: it’s way out of your usual comfort zone.

But that’s OK. In fact, this is part two of a series of articles in which I’ll try and walk you through the main concepts of machine learning. …


If you are a software engineer, I’m sure at some point you wanted to do ‘some machine learning’, crack the secrets of the Universe and find the ultimate answer to life, the Universe and everything.

However, machine learning can be a pretty big and intimidating topic: a very different paradigm from what you usually do/use on a day-to-day basis, driven by big data, mathematical models… in short: it’s way out of your usual comfort zone.

But that’s OK. In fact, this is part one of a series of articles in which I’ll try and walk you through the main concepts of machine learning. …



P stands for polynomial time.
NP stands for non-deterministic polynomial time.

Polynomial time means that the complexity of the algorithm is O(n^k), where n is the size of your data (e.g. the number of elements in a list to be sorted) and k is a constant.
Complexity is time measured in the number of operations it would take, as a function of the number of data items. An operation is whatever makes sense as a basic operation for a particular task: for sorting, the basic operation is a comparison. …


Given two files with the same content, if you compress them with gzip, will they still have the same content and the same checksum?

In computer science, a deterministic algorithm is an algorithm which, given a particular input, will always produce the same output, with the underlying machine always passing through the same sequence of states.

Checksums

For many good reasons, from understanding whether file X is the same as file Y or not to detecting any file corruption or MITM attack during a download, we rely on a fixed-length string called checksum.


The reason why checksums and hashing functions (the algorithms that produce checksums) work is because they are deterministic: if they weren’t so, our life would be much harder! …


Humans are all about communication, yet the key point in communication is not the medium but rather the message codification.

Humans

Humans are all about communication. We, as humans, have a very specific need to communicate; it’s part of our evolutionary path and it’s also a fundamental piece of our existence.

Communication is the medium which we are able to explain, to share and to absorb new concepts and new ideas through; it can happen in a verbal manner but it can also happen through visual or tactile feedback.

The key point in communication is not the medium itself but rather the message codification, which needs to be understood by the N-parties involved in the communicative process. In fact, as you are not able to understand people speaking different languages than the ones you’re familiar with, you won’t be able to understand a badly codified visual message; and while you can understand and share empathy for a “well-codified” song, you would not be able to do so if the “song” was simply grey noise. …


I’m dead, I said, and you’re dead, and Daphne is dead, but now I get to do it over. Don’t you see? I have a second chance. I can do better now.

I just stumbled upon this wonderful story written by Esmé Weijun Wang.
She’s affected by Cotard’s delusion, in which the afflicted person holds the delusion that he/she is dead.

I think it changed my life or my way of seeing life somehow.

In the beginning of my own experience with Cotard’s delusion, I woke my husband before sunup. Daphne, our dog, stirred, began thumping her papillon-mutt tail against the bedsheets. …


Do we gain security by using multiple slow-hashing functions to safely store a password?

This article was published in 2015, so it doesn’t reflect the current state of things, but you can read the 2019 update.

A question has been recently raised to me on password hashing:

Do we gain security by using multiple slow-hashing functions to safely store a password?

While all of these functions are pretty much safe given a proper implementation and good cost parameters (and therefore there’s no need to increase architectural complexity), I wanted to give a wider retrospective on the real security of such a system and I’ll post it here as well. …

About

Michele Preziuso

CEO @KaosDynamics. AWS Certified DevOps Engineer, Solutions Architect @Peach_video. Security fanatic. I build things, I break things. Also a human …sometimes.
