Stefan Streichsbier streichsbaer
streichsbaer
/ config.yml
Last active
August 14, 2019 13:50
Setting guardrails config in a repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bundles: | |
| - php | |
| - general | |
| report: | |
| pullRequest: | |
| findings: "onAllFiles" | |
| comment: true |
streichsbaer
/ Custom-Portlet.java
Created
December 14, 2015 06:07
Ajax CSRF protection workaround for Liferay
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public void serveResource(ResourceRequest resourceRequest, ResourceResponse resourceResponse) throws IOException, PortletException { | |
| HttpServletRequest request = PortalUtil.getOriginalServletRequest(PortalUtil.getHttpServletRequest(resourceRequest)); | |
| try { | |
| HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(PortalUtil.getHttpServletRequest(resourceRequest)){ | |
| @Override | |
| public String getParameter(String name) { | |
| if (name.equals("p_auth")) { | |
| return PortalUtil.getOriginalServletRequest((HttpServletRequest) super.getRequest()).getParameter(name); | |
| } |
streichsbaer
/ brakeman output
Created
January 28, 2019 07:26
— forked from pxlpnk/brakeman output
brakeman scan result for RailsGoat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Loading scanner... | |
| Processing application in /Users/at/src/github.com/OWASP/railsgoat | |
| Processing gems... | |
| [Notice] Detected Rails 5 application | |
| Processing configuration... | |
| [Notice] Escaping HTML by default | |
| Parsing files... | |
| Processing initializers... | |
| Processing libs...sed | |
| Processing routes... |
streichsbaer
/ getPublicKeyHashes.sh
Created
March 5, 2018 04:00
This shell script gets the public key in DER format for a given host and port and returns the publicKey Hashes in the TrustKit Format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Prequisites: (Tested on Mac only) | |
| # 1. Install openssl | |
| # 2. Install python | |
| # 3. Clone the trustkit repository | |
| # 4. cd into the trustkit repository and create the getPublicKeyHashes.sh file in there | |
| if [ -z "$1" ] | |
| then | |
| echo "Please provide a hostname and port. E.g ./getPublicKeyHashes.sh google.com 443" | |
| elif [ -z "$2" ] |
streichsbaer
/ clone_and_execute_bdd-security.sh
Created
July 6, 2016 02:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git clone https://github.com/continuumsecurity/bdd-security.git | |
| cd bdd-security | |
| ./gradlew -Dcucumber.options="--tags @authentication --tags ~@skip" test |
streichsbaer
/ WebGoatApplication.java
Created
March 13, 2017 09:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package net.continuumsecurity; | |
| import net.continuumsecurity.Config; | |
| import net.continuumsecurity.Credentials; | |
| import net.continuumsecurity.UserPassCredentials; | |
| import net.continuumsecurity.behaviour.ILogin; | |
| import net.continuumsecurity.behaviour.ILogout; | |
| import net.continuumsecurity.behaviour.INavigable; | |
| import net.continuumsecurity.web.WebApplication; | |
| import org.openqa.selenium.By; |
streichsbaer
/ config.xml
Created
March 13, 2017 09:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="ISO-8859-1" ?> | |
| <web-app> | |
| <!-- Base URL of the application to test --> | |
| <baseUrl>http://10.1.1.251:8080/WebGoat/</baseUrl> | |
| <!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. --> | |
| <class>net.continuumsecurity.WebGoatApplication</class> | |
| <sslyze> |
streichsbaer
/ WebGoatApplication.java
Last active
July 6, 2016 06:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package net.continuumsecurity; | |
| import net.continuumsecurity.Config; | |
| import net.continuumsecurity.Credentials; | |
| import net.continuumsecurity.UserPassCredentials; | |
| import net.continuumsecurity.behaviour.ILogin; | |
| import net.continuumsecurity.behaviour.ILogout; | |
| import net.continuumsecurity.behaviour.INavigable; | |
| import net.continuumsecurity.web.WebApplication; | |
| import org.openqa.selenium.By; |
streichsbaer
/ updated-config.xml
Created
July 6, 2016 05:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="ISO-8859-1" ?> | |
| <web-app> | |
| [...] | |
| <baseUrl>http://localhost:8080/WebGoat/</baseUrl> | |
| <class>net.continuumsecurity.WebGoatApplication</class> | |
| <defaultUsername>guest</defaultUsername> | |
| <defaultPassword>guest</defaultPassword> | |
| [...] | |
| </web-app> |
streichsbaer
/ download_and_execute_WebGoat.sh
Created
July 6, 2016 05:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar | |
| java -jar webgoat-container-7.0.1-war-exec.jar |
NewerOlder