Glenn
@botSKF_gitlab
@Glenn ten Cate (blabla1337) 3 Code encoder sql esapi (12:40:25 PM)
@Glenn ten Cate (blabla1337) 0 Code input validation (12:40:25 PM)
Glenn ten Cate
@blabla1337
@botSKF_gitlab 0
Glenn
@botSKF_gitlab
@Glenn ten Cate (blabla1337) 1 Code input validation in flask (12:40:41 PM)
@Glenn ten Cate (blabla1337) 0 Code input validation in php (12:40:41 PM)
@Glenn ten Cate (blabla1337) 2 Code input validation in django (12:40:41 PM)
@Glenn ten Cate (blabla1337) 3 Code input validation in ruby (12:40:41 PM)
Glenn ten Cate
@blabla1337
@botSKF_gitlab 0
Glenn
@botSKF_gitlab

@Glenn ten Cate (blabla1337) Code for input validation

Example:

<?php

/*
This class is where you store all your input validation controls.
It makes it easy to maintain whenever you want to apply changes for
certain input validation rules and reduces the chance of mistakes in your regexes.
*/

class validation{

    //Our input validation function
    public function inputValidation($input, $type, $logMessage, $threatLevel, $countLevel){

        //Audit log and user lockdown (see the "audit logs" code example)
        $logging = new logging();

        //Whitelist patterns, anchored with ^ and $ so the whole input must match
        switch ($type) {
            case "numeric":
                $pattern = "/^[0-9]+$/";
                break;
            case "alphanumeric":
                $pattern = "/^[a-zA-Z0-9]+$/";
                break;
            default:
                //Unknown validation type: fail closed instead of validating against an undefined pattern
                throw new InvalidArgumentException("Unknown validation type: ".$type);
        }

        if(!preg_match($pattern, $input)){

            /*
            Set a log for whenever there is unexpected user input with a threat level
            See "audit logs" code example for more information:
            */
            $logging->setLog($_SESSION['userID'], $logMessage, "FAIL", date("d-m-y"),
            $_SESSION["privilege"], $threatLevel);

            /*
            Set counter; if the counter hits 3 the user's session must be terminated.
            After 3 session terminations the user account must be blocked.
            See "audit logs" code example for more information:
            */
            $logging->setCounter($countLevel);

            return false;
        }else{

            //Also log successful validations so the audit trail is complete
            $logging->setLog($_SESSION['userID'], "Valid input validation for regex from ".$type." ",
            "SUCCESS", date("d-m-y"), $_SESSION["privilege"], "NONE");

            return true;
        }
    }
}

?>

Code language is php (12:40:51 PM)

savi pandit
@savitapandit12_twitter
hii
how are you
Glenn ten Cate
@blabla1337
Hi
We are good
how are you?
Ender Akbas
@enderax
Hi Glenn
Hope you're fine.
Ender Akbas
@enderax

I am following the docker installation guide to run it, but it doesn't work at first login when I click "create account". I only see an OPTIONS request but no PUT.

While running Docker, it also gives following error. Maybe this was the reason.
`/wrapper.sh`
`/wrapper.sh: line 12: /skf-angular.sh: No such file or directory`

My command is like this:

docker run -v /root/skf-db/db.sqlite:/skf-flask/skf/db/db.sqlite -e SKF_FLASK_DEBUG=True -e ORIGIN=MY_IP -e JWT_SECRET=change_this_super_secret_random_string -ti -p 443:443 blabla1337/skf-flask

I gave the db file 777 permissions to see if that would make it work, but no luck.

Can you help me to figure out what is wrong?
Glenn ten Cate
@blabla1337
check
@enderax we are working on an easier way to start the SKF application
if you want to use it locally I would recommend using the dev branch for now
go into the skf-flask dir
and run docker-compose up
it will spin all the needed things up
and you can access it on localhost
also remember to enable Kubernetes in your Docker desktop GUI so you can also launch the Labs from SKF
if you want to install it on a server you have 2 options
or use the k8s and deploy it for example on GKE
or you manually install the SKF API and SKF Angular
and use the Nginx config file in the SKF project for the reverse proxy and connecting them
Ender Akbas
@enderax
Hi @blabla1337. Thanks for the answer. I want to deploy it to AWS for internal use among developers. Either EC2 or ECS works for me. I tried all installation options (Dockerhub, manual, docker file) and they all ended with different errors. I will give manual installation a chance.
Glenn ten Cate
@blabla1337
@Glenn ten Cate (blabla1337) Description for XSS injection is : Every time the application gets user input, whether this is showing it on screen or processing this data in the application background, these parameters should be escaped for malicious code in order to prevent cross-site scripting injections. When an attacker gains the possibility to perform an XSS injection, he is given the opportunity to inject HTML and JavaScript code directly into the application. This could lead to accounts being compromised by stealing session cookies or directly affect the operation of the target application. Although templating engines (razor, twig, jinja, etc) and context-aware applications (Angular, React, etc) do a lot of auto escaping for you, these frameworks should always be validated for effectiveness. (12:39:21 PM)
:P
Aniket Surwade
@asurwade_gitlab
@botSKF_gitlab What is XSS?
Glenn
@botSKF_gitlab
@Aniket Surwade (asurwade_gitlab) Description for XSS injection is : Every time the application gets user input, whether this is showing it on screen or processing this data in the application background, these parameters should be escaped for malicious code in order to prevent cross-site scripting injections. When an attacker gains the possibility to perform an XSS injection, he is given the opportunity to inject HTML and JavaScript code directly into the application. This could lead to accounts being compromised by stealing session cookies or directly affect the operation of the target application. Although templating engines (razor, twig, jinja, etc) and context-aware applications (Angular, React, etc) do a lot of auto escaping for you, these frameworks should always be validated for effectiveness. (8:43:18 AM)
lsec0ni
@lsec0ni
SSRF
what is SSRF?
Chasej
@ruevaughn
@botSKF_gitlab What is an SSRF exploit?
Glenn
@botSKF_gitlab
@Chasej (ruevaughn) Please be more specific (12:36:07 AM)
Chasej
@ruevaughn
@botSKF_gitlab What is SSRF?
Glenn
@botSKF_gitlab
@Chasej (ruevaughn) Please be more specific (12:36:43 AM)
Chasej
@ruevaughn
@botSKF_gitlab What is SSRF?
Glenn
@botSKF_gitlab
@Chasej (ruevaughn) Please be more specific (12:37:16 AM)
Chasej
@ruevaughn
Never!!
@botSKF_gitlab How do you validate frameworks such as Angular or React for effectiveness
Glenn
@botSKF_gitlab
@Chasej (ruevaughn) 0 Description validated cryptographic modules (12:38:29 AM)
@Chasej (ruevaughn) 3 Description change and validate current password (12:38:29 AM)
@Chasej (ruevaughn) 2 Description validate the integrity of all security relevant configurations (12:38:29 AM)
@Chasej (ruevaughn) 1 Description verify that structured data is strongly typed and validated (12:38:29 AM)