SELECT timestamp, target, conn_info->'ciphersuite'
FROM scans
WHERE has_tls = 'true'
AND completion_perc = 100
ORDER BY timestamp desc limit 1;
Julien Vehent jvehent
jvehent
/ Bsides Tampa 2018: Modern web application security
Created
January 19, 2018 16:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title: Modern web application security | |
| Speaker: Julien Vehent | |
| Julien leads the Firefox Operations Security team at Mozilla, tasked with | |
| defining, implementing and operating the security of Firefox's backend services | |
| and release engineering infrastructure. Julien's background is in web | |
| applications security, services architecture, cryptography and risk management. | |
| Julien is the author of "Securing DevOps", published at Manning Editions. More | |
| at https://jve.linuxwall.info/jve.html |
jvehent
/ Bsides Tampa 2018: Modern web application security
Created
January 19, 2018 16:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title: Modern web application security | |
| Speaker: Julien Vehent | |
| Bio: Julien leads the Firefox Operations Security team at Mozilla, tasked with defining, implementing and operating the security of Firefox's backend services and release engineering infrastructure. Julien's background is in web applications security, services architecture, cryptography and risk management. Julien is the author of "Securing DevOps", published at Manning Editions. More at https://jve.linuxwall.info/jve.html | |
| Abstract: | |
| It is 2018 and your websites are still getting targeted on a daily basis. Your WAF rules are so complex no one wants to touch them, and every time you're done reviewing the next javascript framework, a new one has popped up on Hackers News, and shipped in production. Your bug bounty program alerts you of a new XSS every other week, and there's no end in sight. Meanwhile, your boss keeps asking if you're on the latest version of Apache Struts, terrified to become the next Equifax. Suffice to say, web application sec |
jvehent
/ gist:ff0b6428008616cd1c07dc99995a074b
Created
January 11, 2018 13:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ go run main.go -i ~/app-rocket-webkit-release-1816-signed.apk -o /tmp/rocket-aligned.signed.apk -v 2>&1| grep padding | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png: padding 3 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/design_ic_visibility.png: padding 1 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/googleg_disabled_color_18.png: padding 3 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/home_pattern.png: padding 1 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/ic_notification.png: padding 3 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-hdpi-v4/logotype.png: padding 1 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-mdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png: padding 3 bytes | |
| 2018/01/11 08:16:59 --- res/drawable-mdpi-v4/design_ic_visibility.png: padding 1 bytes |
jvehent
/ tlsobs_ciphersuite.md
Created
October 9, 2017 12:19
jvehent
/ moz-baseline-default.conf
Created
September 18, 2017 21:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # zap-baseline rule configuration file | |
| # change FAIL to IGNORE to ignore rule or FAIL to fail if rule matches | |
| # only the rule identifiers are used - the names are just for info | |
| 2 IGNORE (Private IP Disclosure) | |
| 10010 FAIL (Cookie No HttpOnly Flag) | |
| 10011 FAIL (Cookie Without Secure Flag) | |
| 10012 IGNORE (Password Autocomplete in browser) | |
| 10016 IGNORE (Web Browser XSS Protection Not Enabled) | |
| # Warn on 10017 for now, need to decide how to handle SRI's better | |
| # 10017 FAIL (Cross-Domain JavaScript Source File Inclusion) |
jvehent
/ checklist.md
Last active
September 18, 2017 20:48
- The service must have performed a Rapid Risk Assessment and have a Risk Record bug
- Public staging and production endpoints must be added to the security baseline
- Access and application logs must be archived for a minimum of 90 days
- Use Modern or Intermediate TLS
jvehent
/ disitool.py
Created
August 4, 2017 19:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| tool to manipulate digital signatures in PE files | |
| commands: | |
| - delete signed-file unsigned-file | |
| - copy signed-source-file unsigned-file signed-file | |
| - extract signed-file signature | |
| - add signature unsigned-file signed-file |
jvehent
/ gist:7be4f2b76033ad9111055f310e1894bf
Created
May 19, 2017 15:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Languages that use spaces, not tabs | |
| autocmd FileType js :setlocal sw=4 ts=4 sts=4 expandtab | |
| autocmd FileType lua :setlocal sw=2 ts=2 sts=2 expandtab | |
| autocmd FileType python :setlocal sw=4 ts=4 sts=4 expandtab | |
| autocmd FileType yaml :setlocal sw=4 ts=4 sts=4 expandtab | |
| autocmd FileType pp :setlocal sw=4 ts=4 sts=4 expandtab | |
| "Languages that use tabs, not spaces | |
| autocmd FileType php :setlocal sw=3 ts=3 sts=3 noexpandtab | |
| autocmd FileType c :setlocal sw=6 ts=6 sts=6 noexpandtab | |
| autocmd FileType cpp :setlocal sw=4 ts=4 sts=4 noexpandtab |
jvehent
/ make_nat_instance.sh
Last active
May 15, 2017 03:53
Create a NAT instance in a VPC and route all traffic to it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # configuration | |
| VPC=vpc-24e97b4d | |
| IGW=igw-9f59e9f6 | |
| MAINRT=rtb-ae92f4c7 | |
| REGION=us-east-2 | |
| SSHKEY=jvehent-cloudservicesawsdev-us-east-2-20170513 | |
| fail() { |
jvehent
/ input_cloudtrail.lua
Created
April 27, 2017 22:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "io" | |
| local msg = { | |
| Timestamp = nil, | |
| Type = "logfile", | |
| Hostname = "localhost", | |
| Logger = "cloudtrail", | |
| Payload = nil, | |
| Fields = nil | |
| } |