seckb*

Harden configuration -  https://gist.github.com/yehgdotnet/a59571b8e179b4198efa693ba16eb3d6 Prevent hard-coded passwords -  https://gist.github.com/yehgdotnet/339b37910f3f4c32523a379f4673b6d8 Windows Bash Script Wrapper for Python Code Scanner (PYT)   -  https://gist.github.com/yehgdotnet/074ab79528ccdac7653bb641beb3b7c5

.extra https://docs.djangoproject.com/en/2.0/ref/models/querysets/#django.db.models.query.QuerySet.extra       For example, this use of extra(): >>> qs.extra( ... select={'val': "select col from sometable where othercol = %s"}, ... select_params=(someparam,), ... ) is equivalent to: >>> qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,))) .raw https://docs.djangoproject.com/en/dev/topics/db/sql/ >>> for p in Person.objects.raw('SELECT * FROM myapp_person'): ... print(p) John Smith Jane Jones .execute do_sql from django.db import connection cursor = connection.cursor() cursor.execute('insert into table (column) values (%s)', (dinosaur,)) cursor.close() from handy.db import do_sql do_sql('insert into table (column) values (%s)', (dinosaur,)) RawSQL >>> from django.db.models.expressions import RawSQL >>> queryset.an...

Read coursebook at least 3 times. Undoubtedly understand each and every concept. Practically test and be skilful in executing recommended tools and techniques in various scenarios and switches.  Undoubtedly understand the purpose, practical usage and output of each tool and techniques.  There's no need to memorize switches. Practical understanding is different from memorization.  Being open-book doesn't mean it's extremely theoretical. You won't literally have a lot of time to open book to seek answers.  Thorough understanding of coursebook is required.   Roughly only round 30% from coursebook might be encountered.  The rest were from case studies that make you derive answers based on given situations/screenshots.  Subscribe NetWars access that save you time from troubleshooting with never-tried-before tools and making things work as per course book; hence it lets you absorb material...

<%  String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337"; response.setCharacterEncoding(attacker_controlled_charset); %>

https://gist.github.com/yehgdotnet/1cb57b55c40afb6d0d0cced57e921868 Output: [INFO] Executing Regular Expression check on AAAAAAAAAA [RESULT] String did not match [INFO] Ended Regular Expression... [INFO] Executing Regular Expression check on AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.COM........................................................................................................... [Deadloop]