Step-by-step hacking of web applications vulnerable to SQL injection, including remote code execution, authorisation bypass and data exfiltration attacks.
When developing an application, the integrity of infrastructure and data is paramount. As part of the development process, all developers should be (at the very least) aware of the OWASP Top 10 and code defensively against the items included. It’s also extremely important to ensure an application is penetration tested before and after deployment to a production environment, ideally by means of a solution integrated into CI/CD. This post covers, at a high level, some of the steps you as a developer should take to code more securely and ensure your application is as secure as possible.
The Hacker's Manifesto, written all the way back in 1986 by a chap called Loyd Blankenship (the mentor in the “Legion of Doom” hack group) shortly after his arrest by the FBI for “being in a computer I should not have been”, still holds true today, if not more so...