
Security Review Epoch
There are many resources for learning security out there (research papers, proofs of concept, CTFs, pen-testing, presentations, Wikipedia, etc.), but these [...]
Security Review 5 – juggling
Here we have a script designed to accept a file upload and execute it if and only if it came from a trusted source. The source is deemed trustworthy by [...]
Security Review 4 – favour for a neighbor
Here we have some code from a Node.js Express web server. It is responsible for transferring funds from one user to another. This particular code is [...]
Security Review 3 – tempus edax rerum
Here’s a snippet of code. It compares two strings; there's really not much to it. This bit of code probably occurs in some variation in almost every [...]
Security Review 2 – stuck together
Suppose a system exists with some run-of-the-mill accounts implementation. Somewhere down the line the business decides they want to be able to support [...]
Security Review 1 – 2 factor login
Here’s some code that handles a two-factor login. There are several bugs in here, and not all of them are strictly security related. Have a look [...]