The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for 2022

OWASP WebGoat repositories: Deliberately insecure JavaEE application to teach application security

Posted by jpluimers on 2022/08/02

Last year, in OWASP top rated security “feature” A01:2021 – Broken Access Control, I promised to write more about how to learn about the security vulnerabilities that OWASP documents and rates.

Today is the day you should start learning from [Wayback/Archive.is] Github: OWASP WebGoat:

Deliberately insecure JavaEE application to teach application security

It is a Java backend with a JavaScript/HTML frontend, but the vulnerabilities just as easily apply to other back-end stacks.

Repositories:

  1. [Wayback/Archive.is] WebGoat/WebGoat: WebGoat is a deliberately insecure application

    WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

    This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

    WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.

    WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

  2. [Wayback/Archive.is] WebGoat/WebGoat-Lessons: 7.x – The WebGoat STABLE lessons supplied by the WebGoat team.

    This repository contains all the lessons for the WebGoat container. Every lesson is packaged as a separate jar file which can be placed into a running WebGoat server.

  3. [Wayback/Archive.is] WebGoat/WebWolf (Can’t have a goat without a wolf, but I wonder where the cabbage is)
  4. [Wayback/Archive.is] WebGoat/WebGoat-Legacy: Legacy WebGoat 6.0 – Deliberately insecure JavaEE application
    This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI.
    This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application penetration testing techniques.
  5. [Wayback/Archive.is] WebGoat/WebGoat-Archived-Releases: WebGoat 5.4 releases and older

    WebGoat 5.4 releases and older

  6. [Wayback/Archive.is] WebGoat/groovygoat: POC for dynamic groovy/thymeleaf based lesson system

    POC to demonstrate dynamic lessons with groovy controller/thymeleaf templates

They are by OWASP:

The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.[4][5] The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 – 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

Very important is the [Wayback/Archive.is] OWASP Top Ten Web Application Security Risks | OWASP:

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Globally recognized by developers as the first step towards more secure coding.

Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.
Changes in the OWASP Top 10 between 2017 and 2021:

More OWASP repositories (including the [Wayback/Archive.is] OWASP/Top10: Official OWASP Top 10 Document Repository and [Wayback/Archive.is] OWASP/www-project-top-ten: OWASP Foundation Web Respository, which seem to follow a 4-year update interval and were last updated in 2021) are at [Wayback/Archive.is] Github: OWASP.

Related: [Archive.is] Jeroen Wiert Pluimers on Twitter: “This so much sounds like German government IT-projects: …”

Via:

–jeroen

Posted in Authentication, CSS, Development, Encryption, HTML, Java Platform, JavaScript/ECMAScript, Pen Testing, Scripting, Security, Software Development, Web Development

The Burrito Trick (stuffing your duvet into its cover)

Posted by jpluimers on 2022/08/01

Via [Wayback/Archive.is] S07E15 – Digitale festivalbeleving en betalingsinnovatie met Ibo Orgut – Met Nerds om Tafel:

The Burrito Trick (stuffing your duvet into its cover)

The burrito trick for stuffing your duvet into its cover.

–jeroen

Posted in LifeHacker, Power User

Some notes on Input Director and alternatives: what about multiple platforms and mixing local plus remote access?

Posted by jpluimers on 2022/07/29

More than 10 years ago, I wrote about 7 screens; 3 computers; 1 keyboard/mouse to direct them all: Input Director and started with

At home, I have 7 screens on 3 computers on the same desk. That sounds like a clutter, but all these keyboards and mice hooked up to them add even more clutter. Until I found out about Input Direct…

In the meantime, I have mainly used a Mac with MacOS as a front-end to virtually log on to remote machines, using both the internal display and one or two external monitors.

Especially when doing video (think Covid-19 and especially on-line meetings!) in addition to software development work, this is far from ideal.

So here are some things on my list of potential enhancements to this situation:

–jeroen

Posted in Apple, Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Mac OS X / OS X / MacOS, Power User, Uncategorized, Windows

WhatsApp Desktop for Mac or PC can not only chat but also voice and video call

Posted by jpluimers on 2022/07/28

The easiest way to video call from your PC via WhatsApp is to use [Wayback/Archive] WhatsApp: Download – Mac or Windows PC.

This should be an alternative to Hangouts Video Calling, as Hangouts is yet another product killed by Google, as mentioned in many places, for instance:

Posted in About, Conference Topics, Conferences, Event, Google, GoogleHangouts, LifeHacker, Personal, Power User, SocialMedia, WhatsApp

Fingerprint as factor in authentication?

Posted by jpluimers on 2022/07/27

A fingerprint as an authentication factor: be sure it is not the only factor, and devise a way to delete it, just in case some party wants to force you to use it as an authentication factor.

Some links for my archive:

–jeroen

Posted in *nix, Apple, Mac OS X / OS X / MacOS, Power User

eidam/cf-workers-status-page: Monitor your websites, showcase status including daily history, and get Slack/Telegram/Discord notification whenever your website status changes. Using Cloudflare Workers, CRON Triggers, and KV storage.

Posted by jpluimers on 2022/07/26

Cool: [Wayback/Archive.is] eidam/cf-workers-status-page:

Monitor your websites, showcase status including daily history, and get Slack/Telegram/Discord notification whenever your website status changes. Using Cloudflare Workers, CRON Triggers, and KV storage

Will try this out in a while, hopefully before this actually reaches the front of the blog article queue (:

Via: [Wayback/Archive.is] Status Page – Scott Helme (via [Archive.is] Scott Helme on Twitter: “And yes, I’m also nervously watching my own status page 😅 …”).

Related blog post: One of the Let’s Encrypt’s Root Certificates expired today (and their corresponding intermediate yesterday); how is your infrastructure doing?

–jeroen

Posted in CSS, Development, JavaScript/ECMAScript, Scripting, Software Development, Web Development

Some Pi-KVM v3 notes

Posted by jpluimers on 2022/07/25

Last year, I wrote about Low cost remote IP KVM and control, is it possible?, mentioned [Wayback/Archive.is] Pi-KVM – Open and cheap DIY IP-KVM on Raspberry Pi and pledged to the [Wayback/Archive.is] Pi-KVM v3 kickstarter project.

From their updates, a few notes and a few of my own on PoE, HDMI/VGA, video passthrough, and a short shopping list.

First the entries from the PiKVM Kickstarter updates:

Posted in Hardware, KVM keyboard/video/mouse, PiKVM / Pi-KVM, Power User

Perilex and the connection for mechanical ventilation / balanced ventilation / heat recovery installation

Posted by jpluimers on 2022/07/22

Our heat recovery ventilation (WTW) unit regularly has to be disconnected from the mains for maintenance of the filters.

That is not very good for the Perilex socket in the wall, so I looked for another way to switch the device off.

I have not fully figured it out yet (apart from the whole circuit group that various other parts of the kitchen and the stairwell hang off), but below is the wiring diagram so that I can at least find it again.

Here is some more on Perilex connections and maintenance of WTW / balanced ventilation / mechanical ventilation:

–jeroen

Posted in DIY, Hardware, Power User

Missing a KB article? Try the Microsoft KB Archive – BetaArchive Wiki

Posted by jpluimers on 2022/07/21

Over the last few years, Microsoft has been retiring a lot of KB articles that in some situations can be of great value, and not just when using legacy systems: sometimes they are the only source of accurate information on current systems as well.

I was glad to find that many of the retired articles made it to the [Wayback/Archive.is] Microsoft KB Archive – BetaArchive Wiki.

From that page:

Posted in Development, Power User, Software Development, Windows, Windows Development

How to Configure Stack Overflow The Key Macropad? | Drop

Posted by jpluimers on 2022/07/20

In the past I joked about a Copy/Paste keyboard for Stack Overflow, and even Stack Overflow had an April 1st joke about it in early 2021 (see below). Boy, was I surprised that by now it has actually existed for more than half a year!

Thanks [Archive.is] Matthijs ter Woord for pointing my attention to this.

Drop actually has some nice keyboards. Now I wish they made an UltraNav one. Their selection is at [Wayback/Archive.is] Mechanical Keyboards | Recommended Products | Drop.

The process where The Key became reality: [Wayback/Archive.is] Can I actually buy a copy-paste keyboard like the Stack Overflow April Fool’s “The Key”? – Meta Stack Overflow

The 20210401 joke: [Wayback/Archive.is] Introducing The Key – Stack Overflow Blog.

Posted in Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Power User