Author: Raz0r

  • Why you should not use GraphQL schema generators

    It has been quite a while since GraphQL was introduced by Facebook; lots of tools and frameworks have appeared and are being used in the wild now. In 2017 I made an overview of the technology from the security point of view in the post “Looting GraphQL for Fun and Profit”, and some of…

  • PolySwarm Smart Contract Hacking Challenge Writeup

    This is a walkthrough for the smart contract hacking challenge organized by PolySwarm for the CODE BLUE conference held in Japan on November 01–02. Although the challenge was supposed to be held on-site for whitelisted addresses only, Ben Schmidt of PolySwarm kindly shared a wallet so that I could participate in the challenge.

  • Adobe Experience Manager Vulnerability Scanner

    Adobe Experience Manager is a content management system that is based on Apache Sling – a framework for RESTful web applications based on an extensible content tree. Apache Sling, in turn, is basically a REST API for Apache Jackrabbit, which is an implementation of the Content Repository API for Java (JCR). The main principle of JCR is…

  • Predicting Random Numbers in Ethereum Smart Contracts

    Slides from my AppSec California 2018 talk “Predicting Random Numbers in Ethereum Smart Contracts”. Detailed blog post: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620

  • Looting GraphQL Endpoints for Fun and Profit

    In one of the previous posts about the state of modern web application security I mentioned GraphQL – a new technology for building APIs developed by Facebook. GraphQL is rapidly gaining popularity, and more and more services, both web and mobile applications, are switching to this technology. Some of the GraphQL users are: GitHub, Shopify, Pinterest, HackerOne…

  • Arbitrary File Reading in Next.js < 2.4.1

    Next.js is quite a popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows HTML pages to be rendered dynamically. While digging into the server’s code, a list of internal routes drew my attention: defineRoutes() { const routes = { /* … */ '/_next/:path+': async(req, res, params) => { const…

  • Database Firewall from Scratch

    Slides from the talk I gave with Denis Kolegov at PHDays 7, “Database Firewall from Scratch” (+ bonus).

  • PostMessage Security in Chrome Extensions

    Slides from my talk at the OWASP London Meetup on the 30th of March, 2017. Also: video and CRX PostMessage Scanner source code.

  • Universal (Isomorphic) Web Applications Security

    Nowadays you do not write things in jQuery. You use node.js, webpack, React, Redux, websockets, babel and a ton of other packages to help you create a basic ToDo web application. With frontend technologies developing rapidly, isomorphic (or, to be correct, universal) web applications are a big thing now. In a nutshell, it means that…

  • Waf.js: How to Protect Web Applications using JavaScript