This article explains how to keep your software repositories free of passwords, tokens, and private keys.
Category: Coding
Automate Your Home Lab on the Oracle Cloud
Deploy your home lab and max out the free tier on the Oracle Cloud with the Terraform automation tool.
Passwordcard.org Wordlist Generator
Passwords suck, big time. They should be unique for each website, and we are supposed to remember all of them. Password cards help with remembering this myriad of passwords. Sadly, these cards are vulnerable to brute-force attacks, and here is why.
This post introduces a tool called Munchkin, which is a wordlist generator for attacking passwords derived from password cards.
Scanning Websites for SRI Hash Usage with sritest.io
Third-party hosted website assets, such as JavaScript libraries, are vulnerable to tampering. However, a new technique named Subresource Integrity (SRI) is here to protect these external assets.
One problem is that SRI adoption has been slow, which is why sritest.io was born. The new service enables website owners and frontend developers to evaluate their sites for SRI hash usage. Sritest.io aims to help the widespread adoption of SRI and thus, ultimately, protect website visitors from malicious code.
Code Analysis of the Hacking Team Repos
I took the recently leaked git repos of Hacking Team from GitHub and ran them through a couple of static code analysis tools.
Manual analysis has successfully uncovered a few 0-days. Hopefully these results may assist further research.
API Boilerplate in Restify and CoffeeScript
A boilerplate for building API services in Restify and CoffeeScript for Node.js.
It is fully documented and Heroku-ready. It also includes basic security features such as exception handling and input validation.