On Attempting OSCP
OSCP (Offensive Security Certified Professional) is one of the best-known certifications in penetration testing. It is also one of the most challenging ones, if not the most challenging. As it turns out, I gave it a try (spoiler alert, I did not succeed) and I am writing...
A Simple Approach to Mock HttpClient Calls
The currently recommended approach to making HTTP calls in C# is to use HttpClient. This class is disposable, meaning that it should be used inside a using statement, for example as in the following class. This ensures that the HttpClient instance is properly disposed by the garbage collector once...
How To: Mitigate SQL Injection from Untrusted Table Name
Multiple techniques exist to mitigate SQL injection: use a whitelist, parameterization, etc. OWASP has a complete prevention cheat sheet here. However, this cheat sheet covers cases where the untrusted input goes into a WHERE clause. What would be the best approach if the untrusted input is the table...
Integrating Security in the SDLC – A Different Approach
As I am specializing in application security, I have begun to realize the problems that lead to badly protected applications. One of those problems, if you ask me, is the fact that for most organizations, security is an afterthought. They do some penetration testing on the applications only from time...
How To: Publish Files that Are Not Included in a Visual Studio Project
If you are building a web application using Visual Studio, you are likely to use the Publish feature. Occasionally, you will want to exclude some files of your project and include external ones in the publish process. How would you do that? Let’s use the following example. Prior to...
(Some) Maze Generation Algorithms
When I was studying Software Engineering, I wrote (for fun) a program that generates mazes. I wrote a variety of algorithms, and below you will find some of those I implemented. The algorithms are all written in pseudo-code. Before diving in, a few clarifications: Cell: a block that can be...
Manage Your RSS Feeds with Feedly
I always had a hard time following all the podcasts, blogs, news websites, etc. that I am interested in. Subscribing to newsletters is not enough. It is hard to manage all that information given the number of emails we receive every day. This is why I use Feedly...
How To: Mock a Static Method in Java
As you know, at the time of writing, mainstream Java mocking libraries such as Mockito or EasyMock cannot mock static methods, final classes, constructors, etc. These limitations sometimes force us to put aside good design for the sake of test implementation. This is where PowerMock comes into play. It offers some useful...
How To: Format Strings in JavaScript
The majority of modern programming languages offer the possibility to format strings. For example, in Python, you can do the following. If you want to do the equivalent in JavaScript, you will have to either create your own string parser or use template literals. To instantiate a Template...
How To: Create Custom Syntax Highlighting in a Visual Studio Code Extension
Visual Studio Code is a really popular IDE these days. It is my new go-to when I need a light and versatile IDE. It is completely customizable. You can create custom extensions in JavaScript or TypeScript with snippets and more. You can also do custom syntax highlighting for an...