Encoding – CISSP Domain 3

Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, so one of the purposes of this article is to look at how the CB…

Does anyone know what this encoding format for passwords is? I think it is a decimal array but I can’t seem to convert it

During a penetration test, I ran across a server that was storing passwords in its database in what seems to be a binary array of sorts:
password_table

1,12,12,12,122,21,13,00,00,00,000
11,112,443,12,31,09,100
110,1123,108,117,108,62,62

Is Unicode character encoding a safe alternative for HTML encoding when rendering unsafe user input to HTML?

I am building a web application in which a third-party library is used, which transforms the user input into JSON and sends it to a controller action. In this action, we serialize the input using the standard Microsoft serialize from the …

The Ceedy World of Message Serialization

Look, I’ve been there too. First the project just prints debug information for a human in nice descriptive strings that are easy to understand. Then some tool needs to log a sensor value so the simple debug messages gain structure. Now your debug messages {{look like : this}}. This is …
