Blog

curl Based SSRF Exploits Against Redis

Published: August 14, 2017

SSRF (server side request forgery) is a type of vulnerability where an attacker is able to trick a remote server into sending unauthorized requests. SSRF opens the door to many types of undesirable things such as information disclosure, DoS and RCE. In this post, we’ll take a look at the types of exploits that are achievable when we can reach Redis through curl via SSRF.

Tracking Your Most Popular Blog Post Tags in Google Analytics with Jekyll

Published: August 7, 2017

Tagging is a feature built into most blogging platforms. Typically tags differ from categories in that there are many more of them on your site and a larger number of them are applied to a specific post. Here’s how WordPress describes the difference…

Tags are similar to categories, but they are generally used to describe your post in more detail.

https://en.support.wordpress.com/posts/categories-vs-tags/

Regardless of the exact meaning, understanding which tags on your site are most popular can help you make decisions about what type of content to publish. This post outlines a strategy for identifying your most popular tags in Google Analytics.

Magento External Malware Scans

Published: August 5, 2017

magento-malware-scanner is an extremely valuable tool to help keep your Magento installation secure. Scanning a codebase for malware is dead simple…

$ wget git.io/mwscan.txt
$ grep -Erlf mwscan.txt /path/to/magento

However, it’s equally if not more important to run an external scan of your Magento installation. Here I’ll cover why and how.

Benchmarking the Impact of Implementing a CDN

Published: August 3, 2017

In a talk I’m preparing titled, “Imagining A World Without Caching”, I’m benchmarking the impact of many different forms of caching. One type of caching that the talk covers is “edge caching” a.k.a. content delivery networks (CDNs). I spent a lot of time on Google trying to find hard data showing the impact that implementing a CDN had on page load times. Unfortunately, after nearly an hour of Googling, I couldn’t find the data I was looking for.

As such, I decided to do my own benchmarking. Here, I’ll share my data.

Phars and distributing PHP CLI apps

Published: July 25, 2017

First things first, let’s address a question that I couldn’t easily find an answer to on Google. Is PHP required to execute a phar?

The answer is a loud and clear yes.

In fact, not only is PHP required to execute a phar, but the version of PHP installed on the system that will execute the phar must be in line with the version of PHP used by the phar author.

Dealing with Jekyll Tags and Case Sensitivity

Published: July 24, 2017

To the chagrin of some, tags in Jekyll are case sensitive. This means that “MySQL” and “mysql” are not the same tag.

No matter whether you’re using jekyll-archives for your tag archives pages, or a custom solution, it’s likely that you’ve felt some pain as a result of case sensitivity. I recently went through every post on this blog to add consistent casing to my tags.

Here I’ll outline a solution I’ve developed to help alleviate the pain of dealing with case sensitivity and tags in Jekyll.