Testing for IDOR vulnerabilities

Today we will learn how to test for IDOR. IDOR stands for Insecure Direct Object Reference and describes a situation in which a user can successfully access a page, data or file that they should not have access to. We will discuss four ways this vulnerability manifests itself, then exploit it in a test application using Chrome developer tools and Postman. A simple way to look for IDOR is to inspect a URL parameter. Let's say you Read more
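The URL-parameter test the post describes, as an added example in Go that is not part of the original post: a handler that trusts the object ID in the path sits beside the same handler with an ownership check, and a probe replays the manual "keep your own session, change the ID" test from the post. The X-User-ID header (standing in for a real session), the /invoices/ path and the invoice data are constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// Invoice is an object that clients reference directly by numeric ID in the
// URL, which is exactly the pattern the post says to inspect first.
type Invoice struct {
	ID      int
	OwnerID int
	Total   string
}

// Constructed sample data (not from the original post): user 1 owns invoice
// 1001, user 2 owns invoice 1002.
var invoices = map[int]Invoice{
	1001: {ID: 1001, OwnerID: 1, Total: "120.00"},
	1002: {ID: 1002, OwnerID: 2, Total: "999.00"},
}

// currentUser stands in for real session handling. The X-User-ID header is an
// assumption of this example: it represents the identity the server has already
// authenticated, never a value the client is trusted to choose.
func currentUser(r *http.Request) (int, bool) {
	id, err := strconv.Atoi(r.Header.Get("X-User-ID"))
	return id, err == nil
}

// requestedID extracts the object ID from a path like /invoices/1002.
func requestedID(r *http.Request) (int, bool) {
	id, err := strconv.Atoi(strings.TrimPrefix(r.URL.Path, "/invoices/"))
	return id, err == nil
}

// vulnerableHandler authenticates the caller but never checks who owns the
// object, so any logged-in user can read any invoice by editing the ID.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	if _, ok := currentUser(r); !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	id, ok := requestedID(r)
	inv, found := invoices[id]
	if !ok || !found {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, inv.Total)
}

// fixedHandler does the same lookup but only returns the object when the
// authenticated user owns it. Unknown and foreign IDs both get 404 so the
// response does not reveal which IDs exist.
func fixedHandler(w http.ResponseWriter, r *http.Request) {
	uid, ok := currentUser(r)
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	id, ok := requestedID(r)
	inv, found := invoices[id]
	if !ok || !found || inv.OwnerID != uid {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, inv.Total)
}

// probe is the manual test from the post in code form: request an object as a
// given user and return the status code. Keep user 1's session, swap the ID in
// the URL to another user's object, and see whether it comes back.
func probe(h http.HandlerFunc, userID, objID int) int {
	req := httptest.NewRequest(http.MethodGet, "/invoices/"+strconv.Itoa(objID), nil)
	req.Header.Set("X-User-ID", strconv.Itoa(userID))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, user 1 reads invoice 1002:", probe(vulnerableHandler, 1, 1002)) // 200: IDOR
	fmt.Println("fixed, user 1 reads invoice 1002:", probe(fixedHandler, 1, 1002))           // 404
	fmt.Println("fixed, user 1 reads own invoice 1001:", probe(fixedHandler, 1, 1001))       // 200
}
```

The vulnerable handler answers 200 when user 1 asks for invoice 1002; the fixed one answers 404 for both unknown and foreign IDs, so someone enumerating IDs cannot even learn which ones exist. In a real application the ownership check belongs in the data-access layer or an authorization policy rather than in each route, so that it cannot be forgotten on one endpoint.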

Understanding Laravel’s SerializesModels trait

Background

When dispatching an object onto the queue, behind the scenes Laravel recursively serializes the object and all of its properties into a string representation that is then written to the queue. There it awaits a queue worker to retrieve it from the queue and unserialize it back into a PHP object (Phew!).

Problem

When complicated objects are serialized, their string representations can be atrociously long, taking up unnecessary resources both on the queue Read more

Create Laravel Project With Multiple Redis Stores

In this article I will show how to create a production-oriented Redis configuration in Laravel. The configuration works locally and with standard or clustered Redis servers in production. It defines separate Redis connections for the Laravel session, cache, queue and application. In development all the connections point to the same Redis server, but the objects stored by each connection are kept apart by configuring a unique key prefix for each connection. This Read more

Clean code using decorators

In this blog post I'm going to explain how to keep your code clean using decorators. By applying decorators the open/closed principle is maintained, and code becomes easier to extend and easier to adjust.

Background

According to Wikipedia, the decorator pattern is a design pattern that allows behaviour to be added to an individual object without affecting the behaviour of other objects from the same class. In Go this means that we extend the functionality of Read more
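The pattern as the Wikipedia definition above states it, as an added Go example that is not code from the original post: one core Greeter implementation and three decorators (upper-casing, call counting, caching) that each wrap a Greeter and are themselves Greeters, so behaviour is added by composition and the core type is never edited. All type and function names here are chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Greeter is the behaviour being decorated. Each decorator below both wraps a
// Greeter and is a Greeter, so callers cannot tell a wrapped object from a
// plain one and the core type never changes.
type Greeter interface {
	Greet(name string) (string, error)
}

// plainGreeter is the undecorated core object.
type plainGreeter struct{}

func (plainGreeter) Greet(name string) (string, error) {
	if name == "" {
		return "", errors.New("empty name")
	}
	return "Hello, " + name, nil
}

// upperGreeter changes the result of the wrapped call.
type upperGreeter struct{ next Greeter }

func (g upperGreeter) Greet(name string) (string, error) {
	out, err := g.next.Greet(name)
	return strings.ToUpper(out), err
}

// countingGreeter observes every call that reaches the wrapped object.
type countingGreeter struct {
	next  Greeter
	calls *int
}

func (g countingGreeter) Greet(name string) (string, error) {
	*g.calls++
	return g.next.Greet(name)
}

// cachingGreeter short-circuits repeated calls; failed calls are not cached.
type cachingGreeter struct {
	next  Greeter
	cache map[string]string
}

func (g cachingGreeter) Greet(name string) (string, error) {
	if out, ok := g.cache[name]; ok {
		return out, nil
	}
	out, err := g.next.Greet(name)
	if err == nil {
		g.cache[name] = out
	}
	return out, err
}

// Constructors hide the concrete types: new behaviour is added by wrapping,
// not by editing plainGreeter (open for extension, closed for modification).
func WithUpper(g Greeter) Greeter                { return upperGreeter{next: g} }
func WithCounting(g Greeter, calls *int) Greeter { return countingGreeter{next: g, calls: calls} }
func WithCaching(g Greeter) Greeter              { return cachingGreeter{next: g, cache: map[string]string{}} }

// buildGreeter composes the chain cache -> count -> upper -> plain. Only calls
// that miss the cache reach the counter and the core object.
func buildGreeter(calls *int) Greeter {
	return WithCaching(WithCounting(WithUpper(plainGreeter{}), calls))
}

func main() {
	calls := 0
	g := buildGreeter(&calls)
	for _, n := range []string{"ada", "ada", "bob", ""} {
		out, err := g.Greet(n)
		fmt.Printf("%q -> %q err=%v\n", n, out, err)
	}
	fmt.Println("calls reaching the core:", calls) // 3: the second "ada" was served from cache
}
```

Order matters when composing: putting the cache outermost means counted calls are only the cache misses, while swapping cache and counter would count every call. Because the error path in cachingGreeter does not store the result, a failing name is retried on every call rather than being pinned as a failure.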

Global contextual logging in Laravel 8.x

Logging is an integral part of developing applications, and if you’re working with Laravel, logging things is a breeze. All you need is the Illuminate\Support\Facades\Log facade and the following logging levels, like so:

use Illuminate\Support\Facades\Log;

Log::emergency($message);
Log::alert($message);
Log::critical($message);
Log::error($message);
Log::warning($message);
Log::notice($message);
Log::info($message);
Log::debug($message);

As you can tell, the logging levels are self-explanatory. Apart from this, you can also pass an array of contextual data to the log methods. This contextual data Read more

Laravel Many to Many Relationship Tutorial

Many to many (e.g. a User can win multiple Trophies and each Trophy can belong to many Users).

Steps:
1. Model classes and tables
2. Migrations
3. Defining relationships in model classes
4. Fetch/create/update/delete records

Model classes and tables:
1. User model and users table
2. Trophy model and trophies table
3. trophies_users pivot table

Migrations: run the command below in the console to create the model and table:

php artisan make:model User -m // create users table and User Read more

Install composer packages from private repository from GitLab

I had to install a PHP package that’s not hosted on Packagist. Rather, it lives in my organization’s private repository on GitLab, so I thought I would write an article that could help others going through the same thing. To install a package from a GitLab repository that is not public, you will need a Personal Access Token. You can issue your PAT by going to Profile Icon > Settings > Access Token. Read more

How to change the commit author for one specific commit?

Interactive rebase off of a point earlier in the history than the commit you need to modify:

git rebase -i <earliercommit>

In the list of commits being rebased, change the text from pick to edit next to the hash of the one you want to modify. Then, when git prompts you to change the commit, use this:

git commit --amend --author="Author Name <email@address.com>" --no-edit

For example, if your commit history is A-B-C-D-E-F with F as Read more

Deploying Vault and Consul

Let’s look at how to deploy HashiCorp’s Vault and Consul to DigitalOcean with Docker Swarm. This tutorial assumes that you have a basic working knowledge of using Vault and Consul to manage secrets. Please refer to the Managing Secrets with Vault and Consul tutorial for more info. Upon completion, you will be able to:

- Provision hosts on DigitalOcean with Docker Machine
- Configure a Docker Swarm cluster to run on DigitalOcean
- Run Vault and Consul on Read more

Comparing sizes of protobuf vs json

Google Protocol Buffers (protobuf) is a binary format that claims to be much more compact than JSON and other text formats, but just how much less space does it require? Does that hold for large arrays of data? In this blog post I will compare the sizes of the two formats.

Test data with an array of tickers

I will generate test data with a home-made tool, which you can find on GitHub: https://github.com/nilsmagnus/protobuf-json-xml-size-comparison. The content of the data is defined in a Read more
