Simple SQL Injection testing

In this post I will write about my own simple penetration test, trying to exploit Phrogress with a simple, common SQL injection vulnerability. To simplify and automate the testing process, we are going to use the tool sqlmap.

We are going to test the Project Details page. To access the page, we need to be authenticated first, so we need to pass the cookie header to sqlmap.

adam@redframe:~$ sqlmap -u "http://0.0.0.0:3000/projects/3*" --headers="cookie: _phrogress_session=ZGpOTUQ5aEFic243ZGxsR1Q2QmsrNzYzbWJlWXZJQjN0ZnBuN0NtYWVaNVV1bzAwS2c1bENQbTlVRHNhdnNEQndqYUg5UkZmdWhqcEJyNWU1clhKem56cHVNeU1XbzdEZVZZc3pCNFE0L2txem8rd2dNdnRNWi8vcmtUMVF5N01JWklnQnBEYjlxVDZYWlRSc2QzbDZLOGhObVFtTHZvZWJGcWx5OGs0bU5HV08xalFyWVBHbzlxeWtLVS9Fc2Fad3A2Y0ViM3VVQ0l0V2NBUEZvV1RqNDVwcmx6dWJ0Q3lmQ1VaS3c0SUlVWm5xZEtFdTU4UUFwNUFPK2gxb3FpTDUxSXNUMjhaSkwvbzZEd0Y2SWRHZXV0d2k4eno2VUM1aXNzTlZueTl3TGF5WWdYZTAyUzk5dHl0aDdnNHd6eElZZXhDcTdlS2ZSa0VRdXNqSGUyUzRhK3BWcmtWaStZcHNkb2UxcGxXYi9qRTl3Q1pBeUtCWVZhTFBmVnU0RGxEMkdvTmtuckNrQUNHUHNUMDlHb0JjTU5qeXorYmZyME1YTnc2dWk0RHRFZVlrUzA3dUhjVkhKQUtETE5ZbFNyci0tR0FYcndKMGVOWlhBaEg1MjhsU3o2Zz09--4341b6586c94c6d60e93abd70df968f889316650"


Stress Testing with Load Impact’s k6

Test-driven development ensures our project satisfies some of the requirements set by our product owner. “Why only some requirements?”, you might ask. It is because TDD often emphasizes the functional requirements. Non-functional requirements, like the stability of a system, need to be tested separately, often using external tools outside the project’s framework. In this post I’ll explore how to test the stability of our project using Load Impact’s k6 stress tester.


Git Workflow & Branching – An Aftermath

Git is such a masterpiece of a tool that programmers use for collaborative work with others. Use it carefully and it will help you very much. Use it carelessly and it will trigger a wildfire in the code. In our implementation of git workflow and branching, we have faced some problems. Actually, I don’t know what to write, so let’s just pretend this is a serious problem.

By the way, Git 2.13.0 was just released by our Savior, Torvalds.

Looking Back to Our Backend

Because platform selection review is mandatory


Rails is an open source web framework built on top of Ruby, first released in December 2005. It uses the MVC design pattern and emphasizes the CoC (Convention over Configuration) and DRY (Don’t Repeat Yourself) paradigms. Ruby itself is known as a clear and lean language. So in the ideation phase of this project, when faced with the problem presented to us, we thought that RoR was a suitable solution.


Design Pattern – Template Method

This time, I will explain one of the design patterns that you can apply when developing software. Yep, the pattern is called Template Method. I also applied the Template Method pattern when developing our project. In simple terms, Template Method is a pattern where an abstract class contains a template that defines the order in which its methods are executed, and its subclasses can override the implementation of those methods as needed.
