On Attempting OSCP

OSCP (Offensive Security Certified Professional) is one of the best known certification in penetration testing. This is also one of the most, if not the most challenging one as well. As it turns out, I gave it a try (spoiler alert, I did not succeed) and I am writing...

A Simple Approach to Mock HttpClient Calls

The current recommended approach to do HTTP calls using C# is to use HttpClient. This class is disposable, meaning that it should be used inside a using statement. For example, like in this class: [crayon-67684cd176793979457197/] This ensures that the HttpClient instance is properly disposed by the garbage collector once...

How To: Mitigate SQL Injection from Untrusted Table Name

Multiple techniques exist to mitigate SQL injection: use a white list, parameterization, etc. OWASP has a complete prevention cheat sheet here. However, this cheat sheet covers cases where the untrusted input goes in a WHERE statement. What would be the best approach if the untrusted input is the table...

Integrating Security in the SDLC – A Different Approach

As I am specializing in application security, I begin to realize the problems that lead to badly protected applications. One of those problems, if you ask me, is the fact that for most organizations, security is an afterthought. They do some penetration testing on the applications only from time...

(Some) Maze Generation Algorithms

When I was studying Software Engineering, I wrote (for fun) a program that generates mazes. I wrote a variety of algorithms and bellow you will find some that I implemented. The algorithms are all written in pseudo-code. Before diving in, a few clarifications: Cell: a block that can be...

Manage Your RSS Feeds with Feedly

I always had a hard time to follow all the podcasts, blogs, news websites, etc. that I am interested in. Subscribing to newsletters is not enough. It is hard to manage all that information given the number of emails we receive every day. This is why I use Feedly...

How To: Mock a Static Method in Java

As you know, at the time of writing, mainstream Java mock libraries such as Mockito or EasyMock cannot mock static methods, final classes, constructors, etc. These limitations sometime force us to put aside good design for test implementation. This is where PowerMock comes into play. It offers some useful...

How To: Format Strings in JavaScript

The majority of modern programming languages offer the possibility to format strings. For example, in Python, you can do the following. [crayon-67684cd1770ea190919376/] If you want to do the equivalent in JavaScript, you will have to either create your own string parser, or use Template literals.  To instantiate a Template...