In this post I will write my own simple penetration test, trying to exploit Phrogress through a simple, common SQL injection vulnerability. To simplify and automate the testing process, we are going to use tools.
We are going to test the Project Details page. To access the page we need to be authenticated first, so we need to pass the session cookie header to sqlmap.
adam@redframe:~$ sqlmap -u "http://0.0.0.0:3000/projects/3*" --headers="cookie: _phrogress_session=…--4341b6586c94c6d60e93abd70df968f889316650"
Continue reading “Simple SQL Injection testing”
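The `*` in the URL tells sqlmap where to inject, and its first check is boolean-based: send the page an always-true suffix and an always-false suffix and see whether the response follows the predicate. The following is an added example written for this page, not code from the post or from Phrogress. It models that check offline: a constructed in-memory projects table stands in for the database, a tiny WHERE-clause evaluator stands in for the SQL engine, and the `vulnerable_lookup`/`hardened_lookup` functions are hypothetical controller code showing the interpolation bug next to the fix.

```ruby
# Added example (not from the post or Phrogress): a miniature model of the
# boolean-based check sqlmap automates against /projects/3*. Constructed data:
PROJECTS = [
  { id: 1, name: "Alpha" },
  { id: 2, name: "Beta" },
  { id: 3, name: "Gamma" },
].freeze

# Recursive-descent evaluator for just enough SQL to show the injection:
#   expr := term (OR term)* ; term := factor (AND factor)*
#   factor := atom '=' atom | '(' expr ')' ; atom := INTEGER | 'id'
class WhereEvaluator
  def initialize(clause)
    @tokens = clause.scan(/\d+|id|AND|OR|=|\(|\)|\S/i) # \S: anything unexpected
  end

  def matches?(row)
    @row = row
    @pos = 0
    result = parse_or
    raise ArgumentError, "syntax error near #{peek.inspect}" if peek
    result
  end

  private

  def peek
    @tokens[@pos]
  end

  def advance
    tok = @tokens[@pos]
    @pos += 1
    tok
  end

  def parse_or
    value = parse_and
    while peek && peek.casecmp?("OR")
      advance
      rhs = parse_and
      value = value || rhs
    end
    value
  end

  def parse_and
    value = parse_factor
    while peek && peek.casecmp?("AND")
      advance
      rhs = parse_factor
      value = value && rhs
    end
    value
  end

  def parse_factor
    if peek == "("
      advance
      value = parse_or
      raise ArgumentError, "expected )" unless advance == ")"
      return value
    end
    lhs = parse_atom
    raise ArgumentError, "expected =" unless advance == "="
    lhs == parse_atom
  end

  def parse_atom
    tok = advance
    return @row[:id] if tok && tok.casecmp?("id")
    return Integer(tok, 10) if tok && tok.match?(/\A\d+\z/)
    raise ArgumentError, "bad token #{tok.inspect}"
  end
end

# Stand-in for the database: evaluate the WHERE clause against every row.
def run_query(sql)
  clause = sql[/\bWHERE\s+(.+)\z/m, 1] or raise ArgumentError, "no WHERE clause"
  evaluator = WhereEvaluator.new(clause)
  PROJECTS.select { |row| evaluator.matches?(row) }
end

# Vulnerable (hypothetical) lookup: the path parameter is interpolated straight
# into the SQL, the same bug as Project.where("id = #{params[:id]}") in Rails.
def vulnerable_lookup(id_param)
  run_query("SELECT * FROM projects WHERE id = #{id_param}")
end

# Hardened lookup: cast to Integer before anything reaches the query, so
# "3 AND 1=1" never becomes SQL. Against a real database prefer bind
# parameters (Project.where(id: params[:id])) over any interpolation.
def hardened_lookup(id_param)
  id = Integer(id_param, 10) # ArgumentError unless it is a plain integer
  run_query("SELECT * FROM projects WHERE id = #{id}")
rescue ArgumentError
  :bad_request
end

# The boolean-based probe sqlmap runs: the page must answer an always-true
# suffix exactly like the baseline and an always-false suffix differently.
def boolean_injectable?(lookup, known_id = "3")
  response = lambda do |payload|
    begin
      lookup.call(payload)
    rescue ArgumentError
      :error # a SQL syntax error surfaces as a 500 page on the vulnerable app
    end
  end
  baseline = response.call(known_id)
  always_true = response.call("#{known_id} AND 1=1")
  always_false = response.call("#{known_id} AND 1=2")
  always_true == baseline && always_false != baseline
end
```

Running `boolean_injectable?(method(:vulnerable_lookup))` returns true and `vulnerable_lookup("3 OR 1=1")` dumps every project, while the hardened version answers `:bad_request` to both payloads and the probe reports it as not injectable. The probe is deliberately strict about the always-true case matching the baseline exactly; on a real site, sqlmap has to allow for dynamic page content, which is why it also needs the session cookie so that every response is the authenticated page rather than a login redirect.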
Test-driven development ensures our project satisfies some of the requirements set by our product owner. “Why some requirements?”, you might ask. It is because TDD tends to emphasize functional requirements. Non-functional requirements, like the stability of the system, need to be tested separately, often with external tools outside the project’s framework. In this post I’ll explore how to test the stability of our project using Load Impact’s k6 stress tester.
Continue reading “Stress Testing with Load Impact’s k6”
In the last post, I talked about how RSpec is insufficient for testing code that runs in a thread different from the one RSpec runs in. So I decided to try using MiniTest, and it kind of works. Yay!
Continue reading “Roses are Red, I Catch Flu; How I Succeed on Testing My Own Code (Part Two)”
Welcome back readers! After two posts in a row about testing on the frontend, this time I’ll also talk about testing, lol. Actually, this time it will be more general. However, I applied this knowledge mostly on the frontend, so I’ll give an example on the frontend side too, haha, forgive me plz. Yep, this time I will talk about the testing techniques known as spy, stub, and mock. I was really, really starved to know what they actually are, and now I want to end my curiosity. I’ll explain to you what they actually are! 😀
Continue reading “Understanding Spy, Stub, and Mock”
In my last post, I talked about shallow rendering to test React components. This post is the sequel, since I’ll again be talking about testing React components. The shallow rendering I did in the last post used the createRenderer function from React Addons Test Utils. Unfortunately, (until now) there is no function for traversing React element trees neatly using React Addons Test Utils alone. If you want to check an element somewhere deep in the component tree, you end up with a long chain of props.children.props.children…, which also happened to me, and I think it’s not elegant.
Continue reading “Golden Way to Traverse React Components on Shallow Rendering Approach”
After my RbCAW-related tasks were (mostly) done in the last sprint, my current responsibility as a back-back-end developer is to implement caching, so hopefully our homepage will load in less than half a minute, crosses fingers. Unfortunately, testing the caching mechanism is a pain in the back.
Continue reading “Roses are Red, Bombs Explode; How I Failed to Test My Own Code”
Fast, isolated/independent, repeatable, self-validating and thorough/timely. Those are the F.I.R.S.T. principles of proper software testing. But those criteria might not be achievable because of the nature of the code under test. What can we do to still achieve those principles? Fool the tests.
Continue reading “Fooling Your Own Tests”
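The “Understanding Spy, Stub, and Mock” and “Fooling Your Own Tests” posts above both come down to the same move: replace a collaborator that would make a test slow, network-bound or non-repeatable with a test double. The following is an added example written for this page, not code from either post or from the Phrogress project. It hand-rolls the three doubles without a framework so the roles stay visible; the mailer, the `ProjectNotifier` class and the project data are all hypothetical.

```ruby
# Added example (not from the posts or Phrogress): the three test-double roles
# written by hand. The real collaborator is a hypothetical mailer that would
# hit the network, which breaks "fast" and "repeatable" in F.I.R.S.T.
class RealMailer
  def deliver(_to, _body)
    raise "would open a network connection" # never wanted inside a unit test
  end
end

# Stub: answers with a canned value, records nothing, verifies nothing.
class MailerStub
  def deliver(_to, _body)
    :queued
  end
end

# Spy: a stub that also records every call so the test can inspect them after.
class MailerSpy
  attr_reader :calls

  def initialize
    @calls = []
  end

  def deliver(to, body)
    @calls << { to: to, body: body }
    :queued
  end
end

# Mock: expectations are declared up front and verify! fails if the code under
# test did not make exactly those calls.
class MailerMock
  def initialize
    @expected = []
    @received = []
  end

  def expect(to:, body:)
    @expected << { to: to, body: body }
    self
  end

  def deliver(to, body)
    @received << { to: to, body: body }
    :queued
  end

  def verify!
    missing = @expected - @received
    unexpected = @received - @expected
    return true if missing.empty? && unexpected.empty?
    raise "mock expectations not met: missing=#{missing.inspect} " \
          "unexpected=#{unexpected.inspect}"
  end
end

# Hypothetical code under test: mails every member when a project is finished.
class ProjectNotifier
  def initialize(mailer)
    @mailer = mailer
  end

  def project_finished(project)
    project[:members].each do |member|
      @mailer.deliver(member, "Project #{project[:name]} is finished")
    end
    project[:members].size
  end
end

PROJECT = { name: "Phrogress", members: ["a@example.com", "b@example.com"] }.freeze

# Stub: we only care that the notifier runs and reports how many it notified.
def stub_demo
  ProjectNotifier.new(MailerStub.new).project_finished(PROJECT)
end

# Spy: assert on what was sent, after the fact.
def spy_demo
  spy = MailerSpy.new
  ProjectNotifier.new(spy).project_finished(PROJECT)
  spy.calls
end

# Mock: declare the exact calls first, then verify.
def mock_demo
  mock = MailerMock.new
         .expect(to: "a@example.com", body: "Project Phrogress is finished")
         .expect(to: "b@example.com", body: "Project Phrogress is finished")
  ProjectNotifier.new(mock).project_finished(PROJECT)
  mock.verify!
end

# A mock also catches a call that never happened.
def mock_catches_missing_call
  mock = MailerMock.new.expect(to: "c@example.com", body: "never sent")
  ProjectNotifier.new(mock).project_finished(PROJECT)
  mock.verify!
  false
rescue RuntimeError
  true
end
```

The practical difference is where the assertion lives: with a stub the test asserts only on the return value, with a spy it asserts on the recorded calls afterwards, and with a mock the expectations are the assertion and `verify!` is the check. All three keep the test fast and repeatable because no mail is ever sent.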