During a recent security review I was working on a very simple web application. I needed to determine the size of a payload that would result in a “payload too large” message from the server. The idea being to start with a single character (A) and then (AA) and then (AAA) etc. until the response message changed. I could have done this with Python but as I already had a copy of ZAP open I decided to use it instead. My initial assumption was that this would be easy and straight forward. I was however surprised to find it was not. Thankfully I discovered a solution in the form of the ZAP regular expression payload generator. ...

What it’s sending and how to block it. I tried out Visual Studio Code the other day after hearing a colleague refer to it, and I think I also saw it being used in a video and I liked the look of it. So I went off and grabbed a copy and started playing. The first point of interest for me was the ability to add add-ons, one in particular being remote SSH browsing. I thought this was a great idea so grabbed that too. Here’s where the security fun starts. ...

URL #1 $ curl http://ipecho.net/plain; echo URL #2 $ curl ifconfig.me

Want to improve your coding quality? Here’s how. Add the following line into your /etc/hosts file (Linux) or %WINDIR%\System32\drivers\etc\hosts file (Windows): 0.0.0.0 stackexchange.com

Pipeline now in place I’ve put an auto deployment pipeline in place to make maintaining the site easy That is all for now!

Welcome to my site I will be uploading lots of interesting technical and security related material here soon.