dockerinoz - build containers that won't haunt you

dockerinoz - simple Dockerfile (security) best practices verification

dockerinoz is a very small and simple tool that lets you verify the content of Dockerfiles against a given best practice. It’s nothing more than a fancy grep using a bit more than just simple regular expressions. This approach allows for very quick verification, which is especially important when integrating dockerinoz into your build pipeline. It also makes dockerinoz super easy to modify and extend, especially as the rules are just regular expressions in a JSON file (rules.json).


TYS 0x02 - PHP in 2019?! Are you insane!?

This post is part of the Test Your Skills series. You can find an introduction here, and an overview of all TYSs currently available over here.


There is a reason for everything!

PHP was one of the first broadly used web-specialized languages (created 1994). Even today, 25 years later, PHP powers at least parts of most of the web-based applications on the internet (~80% - check https://w3techs.com/).


apatf - levenshtein distance in cyber security

Levenshtein distance what?

If you work in or are just interested in cyber security, you will most likely have encountered situations in which you would have loved to be able to automatically identify the percentage-wise difference between two files or strings. A good example is a login or error page check. Imagine you are fuzzing a web application and you try to differentiate a successful injection from an error page.
