Reading web server logs can be hard and requires tons of scripting commands. We usually choose an application for this purpose. GoAccess is one of the tools developed for this goal, and it's stable and fast. In my opinion, the most powerful feature of GoAccess is real-time analysis. It can also generate HTML, JSON and CSV reports.
What is Content Security Policy
A relatively new feature in browsers, Content Security Policy is a tool that protects your web application against Cross-Site Scripting (XSS) vulnerabilities. By declaring to the browser the location where scripts and other resources are supposed to come from, the browser knows to block resources coming from anywhere else.
DjangoCon 2014 – Practical Django Security
Web application security is an ever-present problem. The “don’t trust user input” mantra sounds nice but doesn’t practically work. In this talk we will introduce and apply a set of practical programming paradigms that you can use to write secure code.
One git command may get you hacked (CVE-2014-9390 Exploitation for Shell)
Hello
CVE-2014-9390 is one of the most hilarious vulnerabilities I’ve ever seen. A single git command may get you hacked! I won’t dive into the details of this vulnerability because the official announcements can be found here (https://github.com/blog/1938-git-client-vulnerability-announced and http://article.gmane.org/gmane.linux.kernel/1853266). In short, if you use a case-insensitive operating system like Windows or OS X, you have to update your git client. Do it right now! Otherwise attackers can insert their own pre hooks into your git directory.
Let’s analyze this vulnerability from a penetration tester’s perspective.