Category: Web Security

  • Faking Enumerations with Vanilla javascript


    What is an Enumeration? An Enumeration is a way to create a limited list of options to choose from. This is useful for keeping a list of field names for a form so you can use javascript to animate something, for example. Having a limited list of options is helpful so that you can eliminate bugs…

  • How to secure individual Symfony AJAX api routes without using API Platform


    I am in the process of updating this article entirely. Please stay tuned. Creating the Symfony route is easy. Checking if the request was sent by AJAX is again easy. But what stops a mischievous hacker from hitting that endpoint and trying to get a list of used emails or something else with a script?…

  • How to add CSRF protection to Symfony 5+ forms


    How CSRF works: what you are basically doing with CSRF protection is trying to make sure a hacker has not created a fake form to gather private information from your user. You want your app to create a unique string and save it on the server in a session, cookie, database, Redis etc. Then you…

  • Authentication vs Authorization what is the difference?


    Authentication and authorization: these terms are often confused.

  • How to create ssh keys for admin user login without passwords


    The idea is to have a way for admins to SSH into a server without having to use passwords. This adds a level of security to your server setup. Without private keys you have to enter your user name and password. This can be less secure than generating SSH keys and adding your public…

  • Stupid linux issues.

    This is my collection of stupid. Top of the list Debian/Ubuntu removes apt-key support and doesn’t tell anyone they did it, doesn’t give anyone a single hint as to what to do. No just remove/deprecate shit and don’t tell a single soul on earth. This kind of stupid makes me want to leave the industry…

  • How to create ssh deploy keys for github


    One issue with creating SSH keys is there are so many ways to do it and no one tells you why they do what they do. A quick search will reveal almost everyone has their own way of doing it. If you are new to ssh keys I suggest you read this article really quick.…

  • SSL links, videos and other resources.


    SSL is a very important subject. All websites/apps should be using it. However the docs will leave you scratching your head saying WTF? So I am creating this long list of resources for anyone else who ever has to learn how to use it. Articles: first, here is a link to the docs – this…

  • Our programming tools are stuck in the past


    Recently I decided to start automating my infrastructure. Before this it had never occurred to me how stuck in the past our ancient tools are. These days we have the cloud. We can fire instances up in seconds. But to do this we need ways of automating things. Tools such as SSH, SSL, GIT etc.…

  • How to use Multiple ssh deploy keys with Github and Git

    I came across this issue when automating infrastructure provisioning. I needed a way to pull the repository code for my app in the provisioning scripts. I didn’t want to use the ssh keys I have set up for the entire Github account due to security. I discovered that github has the ability for you to add…