Java & Web Security Training
This week I attended a three-day training on Java and web security with Ernő Jeges from SEARCH-LAB. It was nice to refresh my memory on the theoretical part, and I also got the chance to study and test many vulnerabilities. Below are some notes I took:

Intro:
- You only have to outrun the competition, not the hackers (the bear story: you don't need to be faster than the bear, just faster than the other guy).
- SPIT = spam over internet telephony (spam over VoIP).
- Roughly $1000 buys botnet time for spam delivery, or a list of about 1 million email addresses.
- www.eegs.com
- Common Criteria: the security evaluation standard.

Java:
- Unsigned applets run in a sandbox and can only open network connections back to the origin server they were loaded from.
- JCA/JCE are the core of Java security: JCA (message digests, signatures, key management) is about data integrity and authenticity; JCE (ciphers, key agreement, MACs) is about confidentiality/encryption.
- JAAS: authentication and authorization.
- RSA is CPU expensive, so use it only to encrypt a random secret key, and encrypt the bulk data with that key using a symmetric cipher (hybrid encryption).
- Blind signatures.
- Check out SecureRandom (use it instead of java.util.Random for anything security-relevant: keys, IVs, salts, tokens).

Vulnerabilities:
- Google "mysql injection cheat sheet".
- SQL injection.
- XSS.
- Unrestricted file upload: uploading a PHP/JSP page where an image is expected, then requesting it to get code execution.
- Hashing passwords is not enough; always use hash(password, salt) or...
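The hybrid-encryption note above in working code. This is an added example written for this page, not code from the training or from SEARCH-LAB: a fresh 256-bit AES key encrypts the message with AES-GCM (so tampering is detected), and RSA-OAEP wraps only that key. Key sizes, the OAEP/GCM parameter choices and the sample message are my own assumptions, not anything the course prescribed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Hybrid encryption: RSA-OAEP wraps a one-time AES key, AES-GCM encrypts the data. */
public class HybridEncryptionDemo {
    // SecureRandom, not java.util.Random, for every key, IV and nonce.
    private static final SecureRandom RNG = new SecureRandom();
    private static final String RSA_TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_TRANSFORM = "AES/GCM/NoPadding";
    private static final int GCM_IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int GCM_TAG_BITS = 128;  // full-length authentication tag

    /** What gets sent to the recipient: wrapped data key, nonce, ciphertext+tag. */
    static final class Envelope {
        final byte[] wrappedKey;
        final byte[] iv;
        final byte[] ciphertext;
        Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {
            this.wrappedKey = wrappedKey;
            this.iv = iv;
            this.ciphertext = ciphertext;
        }
    }

    static Envelope encrypt(PublicKey recipient, byte[] plaintext) throws Exception {
        // 1. Fresh symmetric data-encryption key (DEK) per message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        SecretKey dek = kg.generateKey();

        // 2. Bulk data goes through the cheap symmetric cipher (authenticated mode).
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher aes = Cipher.getInstance(AES_TRANSFORM);
        aes.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ciphertext = aes.doFinal(plaintext);

        // 3. Only the 32-byte DEK is RSA-encrypted; this is the one expensive operation.
        Cipher rsa = Cipher.getInstance(RSA_TRANSFORM);
        rsa.init(Cipher.WRAP_MODE, recipient);
        byte[] wrappedKey = rsa.wrap(dek);
        return new Envelope(wrappedKey, iv, ciphertext);
    }

    static byte[] decrypt(PrivateKey recipientKey, Envelope env) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA_TRANSFORM);
        rsa.init(Cipher.UNWRAP_MODE, recipientKey);
        SecretKey dek = (SecretKey) rsa.unwrap(env.wrappedKey, "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance(AES_TRANSFORM);
        aes.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(GCM_TAG_BITS, env.iv));
        // doFinal verifies the GCM tag and throws AEADBadTagException if anything was modified.
        return aes.doFinal(env.ciphertext);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072, RNG);
        KeyPair recipient = kpg.generateKeyPair();

        // Constructed sample message; any size works because RSA never sees the data itself.
        byte[] message = "constructed sample message for the hybrid encryption demo"
                .getBytes(StandardCharsets.UTF_8);

        Envelope env = encrypt(recipient.getPublic(), message);
        byte[] recovered = decrypt(recipient.getPrivate(), env);
        System.out.println("round trip ok: " + Arrays.equals(message, recovered));

        // Flip one ciphertext bit: GCM must reject it rather than return garbage.
        env.ciphertext[0] ^= 0x01;
        try {
            decrypt(recipient.getPrivate(), env);
            System.out.println("tampering NOT detected (should never happen)");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getClass().getSimpleName());
        }
    }
}
```

Compile and run with `javac HybridEncryptionDemo.java && java HybridEncryptionDemo`; no third-party libraries are needed, the transformations are all in the standard JDK providers. The wrap/unwrap modes exist precisely for this key-transport use, and using an authenticated mode (GCM) for the data is what makes the single-bit tamper test fail loudly instead of silently.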