
Posts

How to test your application for XSS vulnerabilities using XSStrike

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and test multiple alternatives. You can use an app like XSStrike to automate this; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Node.js installed for the sample app
- Have Docker installed

2. Using XSStrike

Create the dockerfile with xsstrike

    FROM continuumio/anaconda3
    WORKDIR /workdir
    RUN apt-get install -y unzip
    ADD https://github.com/s0md3v/XSStrike/archive/master.zip ./
    RUN unzip master.zip && \
        rm master.zip
    RUN conda config --append channels conda-forge && \
        conda install fuzzywuzzy requests
    ENTRYPOINT ["python", "./XSStrike-master/xsstrike.py"]

Build the image

    docker build -t xsstr…
Recent posts

How to test your application for XSS vulnerabilities using XSSer

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and test multiple alternatives. You can use an app like XSSer to automate this; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Node.js installed for the sample app
- Have Docker installed

2. Using XSSer

Create the dockerfile with xsser

    FROM kalilinux/kali-rolling
    WORKDIR /workdir
    RUN apt-get update && \
        apt-get install -y xsser
    ENTRYPOINT ["xsser"]

Build the image

    docker build -t xsser .

Run xsser to check options

    docker run -it --rm --name xsser xsser

Run xsser to test against the vulnerable app from the video

    docker …

Creating a Local Private NPM registry using Verdaccio

If you want to publish npm packages to a local npm registry so that they can be used and tested, either before publishing them to a remote one or because npm link or even yalc are not working for you, or if you just need a private npm registry that is really easy to install and use, in this quick tips episode you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Node.js installed
- Have Docker installed

2. Using Verdaccio as a local Private NPM registry

Download Verdaccio’s image

    docker pull verdaccio/verdaccio

Start the container

    docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio

Open the server in the browser

    http://localhost:4873/

Add the user into Verdaccio:

    npm adduser --r…

Javascript Destructuring assignment

Sometimes you have a JavaScript object and you would like to populate some variables with its properties, or pass them as parameters to a function, in a quick, clean and easy way; or, if it’s an array, to extract its elements without having to use the index for each element. You can use the Destructuring assignment for this; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have a browser like Chrome, Edge or Firefox installed

2. Using the Destructuring Assignment

Object Destructuring

    let myObject = { a: 10, b: 20, c: 30 }
    let { a, b, c } = myObject
    console.log(a, b, c);

Object Destructuring for Function Parameters

    function printValues({ a, b, c }) {
        console.log(a, b, c);
    }
    printValues(myObject);

Array Destructuring…

How to copy files from and to a running Docker container

Sometimes you want to copy files to or from a container that doesn’t have a volume previously created; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Docker installed

2. Start a Docker container

For this video I will be using a Jenkins image as an example, so let’s first download it by using docker pull

    docker pull jenkins/jenkins:lts

Then I will use one of the suggested ways to run the instance and do it in the background. If you don't use pull first, this command will still work, since it will also try to download the image if it's not found locally.

    docker run -d -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts

To check the container ID, you can just type docker ps…

How to execute a command in running Docker container

Sometimes you need to run a particular command on a running container, perhaps to check where some files are located or to see their contents; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Docker installed

2. Start a Docker container

For this video I will be using a Jenkins image as an example, so let’s first download it by using docker pull

    docker pull jenkins/jenkins:lts

Then I will use one of the suggested ways to run the instance and do it in the background. If you don't use pull first, this command will still work, since it will also try to download the image if it's not found locally.

    docker run -d -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts

You can check what's…

Creating a Reactjs Component Using the Styled Components Library

When you want to use a particular HTML element, define its styles using CSS classes in Reactjs, and also reuse it elsewhere, it can be helpful to define it as a React component and style it in the same file without resorting to inline styling. You can achieve this by using the styled-components library; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.

1. Pre-reqs

- Have Node.js installed

2. Create the Styled Component

Create the app using npx create-react-app

    npx create-react-app quick-tips-react-styled-components

Install the styled-components library

    npm install --save styled-components

Start the app

    npm start

Create the styled component HTML element to use by typing styled.HTML-ELEMENT. In th…