
@dovys
dovys / juice_shop_morty.go
Created October 28, 2019 13:26 — forked from cimi/juice_shop_morty.go
Solution for OWASP Juice Shop challenge
package main
import (
"bytes"
"fmt"
"io/ioutil"
"net/http"
"os"
"strconv"
"strings"
@dovys
dovys / gist:c90b5f0834c82d88184a79f4c06601a9
Created June 10, 2017 12:25 — forked from dmitshur/gist:6927554
How to `go get` private repos using SSH key auth instead of password auth.
$ ssh -A vm
$ git config --global url."git@github.com:".insteadOf "https://github.com/"
$ cat ~/.gitconfig
[url "git@github.com:"]
	insteadOf = https://github.com/
$ go get github.com/private/repo && echo Success!
Success!
@dovys
dovys / latency.txt
Created January 10, 2017 15:41 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers
--------------------------
L1 cache reference                           0.5 ns
Branch mispredict                            5   ns
L2 cache reference                           7   ns                      14x L1 cache
Mutex lock/unlock                           25   ns
Main memory reference                      100   ns                      20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy             3,000   ns        3 us
Send 1K bytes over 1 Gbps network       10,000   ns       10 us
Read 4K randomly from SSD*             150,000   ns      150 us          ~1GB/sec SSD

webapp/OAuth2/REST API stack security checklist

OAuth2 (implicit flow)

  • response_type is a constant, configured for the particular app on the server (1)
  • redirect_uri is likewise a constant configured on the server (1)
  • the "state" parameter is echoed back by the server and checked by the client (1)
  • a hash of the "state" parameter is stored in LocalStorage and destroyed on receiving the redirect (1)
  • the "client_id" parameter is checked: after obtaining the token, request the "token_id" for this token from the server and compare it to the existing one (2, 3)
  • the client IP is saved for the particular token on grant and checked on access