Simple SQL Injection testing

In this post I will do my own simple penetration test, trying to exploit Phrogress through a simple, common SQL injection vulnerability. To simplify and automate the testing process, we are going to use the tool sqlmap.

We are going to test the Project Details page. To access the page we need to be authenticated first, so we need to pass the cookie header to sqlmap.

adam@redframe:~$ sqlmap -u "http://0.0.0.0:3000/projects/3*" --headers="cookie: _phrogress_session=<session cookie value removed>--4341b6586c94c6d60e93abd70df968f889316650"

Stress Testing with Load Impact’s k6

Test-driven development ensures our project satisfies some of the requirements set by our product owner. “Why only some requirements?”, you might ask — it is because TDD usually emphasizes the functional requirements. Non-functional requirements — like the stability of a system — need to be tested separately, often using external tools outside the project’s framework. In this post I’ll explore how to test the stability of our project using Load Impact’s k6 stress tester.

Understanding Spy, Stub, and Mock

Welcome back, readers! Well, after writing 2 posts in a row about testing on the frontend, this time I’ll also talk about testing! Lol. Actually, this time it will be more general. However, I have applied this knowledge mostly on the frontend, so I’ll give an example from the frontend side too haha, forgive me plz. Yep, this time I will talk about the testing techniques known as spy, stub, and mock. I was really, really starved to know what they actually are, and now I want to end my curiosity. I’ll explain to you what they actually are! 😀

Golden Way to Traverse React Components on Shallow Rendering Approach

In my last post, I talked about shallow rendering to test React components. This post is the sequel, since I’ll also talk about testing React components. The shallow rendering I did in the last post used the createRenderer function from React Addons Test Utils. Unfortunately, (until now) there is no function for traversing React element trees neatly using only React Addons Test Utils. If you want to check an element somewhere deep in the component tree, you end up with a long chain of props.children.props.children…, which also happened to me, and I think it’s not elegant.

Roses are Red, Bombs Explode; How I Failed to Test My Own Code

After my RbCAW-related tasks were (mostly) done in the last sprint, my current responsibility as a back-back-end developer is to implement caching, so hopefully our homepage will load in less than half a minute (crosses fingers). Unfortunately, testing the caching mechanism is a pain in the back.
