Web Security

I enjoy it when things are used in ways they're not meant to be used, and IT security, especially penetration testing, very much scratches that itch. My background in web development naturally led me to focus on web security, where I conduct web penetration tests.

If you would like your application to be tested, contact me at hello@winstonwww.com

To see what you would receive after a penetration test, you can take a look at a sample report.

Let me try to spark some enthusiasm for security

Below I created a couple of challenges to tickle your puzzle brain.

Level 1

Requirements: None

The word “dog” is filtered out and will be deleted as soon as you type it in. Can you find a way to output it anyway?

Expected output: dog

Solution: dodogg

The filter makes a single pass over the input: deleting the inner dog from dodogg leaves dog, so the removal itself recreates the forbidden word. A filter that only deletes or replaces once can always be tricked this way.
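As an added example (not code from this page), here is a single-pass denylist filter of the kind Level 1 describes, next to two hardened variants: one that repeats the removal until nothing changes, and one that rejects the input instead of repairing it. The function names are my own.

```javascript
// Vulnerable: removes the banned word in one pass. Deleting the inner "dog"
// from "dodogg" leaves "dog", so the filter defeats itself.
function singlePassFilter(input, banned = "dog") {
  return input.split(banned).join("");
}

// Hardened variant 1: repeat until a pass removes nothing, so nothing that
// a removal creates can survive. Terminates because every pass shortens the
// string or leaves it unchanged.
function filterToFixpoint(input, banned = "dog") {
  let current = input;
  let previous;
  do {
    previous = current;
    current = previous.split(banned).join("");
  } while (current !== previous);
  return current;
}

// Hardened variant 2: reject rather than repair. Sanitising by deletion
// changes meaning in surprising ways; refusing input that contains the
// banned word (after case normalisation) is far easier to reason about.
function rejectIfBanned(input, banned = "dog") {
  if (input.toLowerCase().includes(banned)) {
    throw new Error("input contains a banned word");
  }
  return input;
}

// Stand-alone demonstration with the Level 1 payload.
console.log("single pass :", JSON.stringify(singlePassFilter("dodogg")));
console.log("fixpoint    :", JSON.stringify(filterToFixpoint("dodogg")));
```

The fixpoint loop closes the "dodogg" hole, but it still only handles the exact spelling it knows about; the reject-and-normalise variant is the one to prefer when the goal is to keep a word out rather than to tidy text.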

Level 2

Requirements: Understanding of JavaScript

Imagine the input is placed in a template like the following:

var someString = '[input]';

Apostrophes are escaped. Can you find a way to break out of the string and open an alert() window?

In most programming languages some characters have a special meaning. To write such a character as plain text, you escape it with the backslash character “ \ ”: the backslash strips the special meaning from the character that follows it, so that character is treated literally. Note that the backslash itself is one of these special characters.

Hints:

  • JS commands in the same line can be separated by a semicolon.
  • It can be useful to comment out code parts which cause errors.
Solution: \';alert()//

The escaping only adds a backslash before the apostrophe, so the attacker's \' becomes \\' and the template turns into:

var someString = '\\';alert()//';

The first backslash escapes the second one, so the apostrophe now closes the string, alert() runs as a separate statement, and // comments out the leftover ';.
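As an added example (not code from this page), the following reproduces the Level 2 template with a sanitiser that escapes only apostrophes, runs the generated script with a stand-in alert() to show that the payload breaks out, and contrasts it with a serialiser that also escapes the backslash. The function names are my own; JSON.stringify stands in for whatever escaping routine a real template engine would use.

```javascript
// Vulnerable: escapes ' but not \, so an attacker-supplied backslash
// neutralises the backslash that the sanitiser adds.
function escapeApostrophesOnly(input) {
  return input.replace(/'/g, "\\'");
}

function renderVulnerable(input) {
  return "var someString = '" + escapeApostrophesOnly(input) + "';";
}

// Hardened: JSON.stringify escapes both \ and " and emits a double-quoted
// literal, so no input can terminate the string early. Replacing < keeps a
// "</script>" payload from closing an inline <script> element.
function renderSafe(input) {
  const literal = JSON.stringify(input).replace(/</g, "\\u003c");
  return "var someString = " + literal + ";";
}

// Stand-in for a browser: execute the generated script with a fake alert()
// and report whether it was called.
function alertFires(script) {
  let fired = false;
  try {
    new Function("alert", script)(() => { fired = true; });
  } catch (e) {
    // A SyntaxError or ReferenceError means the payload did not achieve a
    // clean break-out; count that as "did not fire".
  }
  return fired;
}

// Evaluate the safe template and return what someString holds, to show the
// payload survives intact as data rather than as code.
function valueAfterSafeRender(input) {
  return new Function(renderSafe(input) + " return someString;")();
}

// The Level 2 solution, \';alert()//, as a JavaScript string literal.
const payload = "\\';alert()//";

console.log(renderVulnerable(payload), "->", alertFires(renderVulnerable(payload)));
console.log(renderSafe(payload), "->", alertFires(renderSafe(payload)));
```

The check to carry away: any escaping routine must escape its own escape character, and the right routine depends on the context the data lands in (a JavaScript string literal inside an HTML script element needs both the JS escaping and the `<` replacement).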

Level 3

Requirements: Understanding of SQL

Imagine the input field below takes a username and looks up that user's favorite food. On the backend the input is inserted into an SQL query. Can this be exploited?

If you get access to a database containing user data, you might find passwords, which are (probably) hashed.

Your goal is to find a user with a weak password. What is that user's password? Enter it into the password field below.

Hints:

  • UNION can be used in an SQL statement to append the rows of a second SELECT, possibly from a different table, as long as it returns the same number of columns.
  • There are password-cracking tools out there, including online hash lookups such as crackstation.net.
The input ends up in this query:

SELECT username, food FROM users_food WHERE username='[input]';

Solution: ' UNION SELECT username, password FROM users;--

The apostrophe closes the string, the UNION appends every username and password from the users table to the result (two columns, matching the original SELECT), and -- comments out the trailing ';. Cracking the weak hash in the dump gives the password: herbertspassword

Web Development

Want me to work on your project?

I am a React + NextJS developer.
If you want to hire me for freelance work you can contact me at hello@winstonwww.com

Some programmy things I find interesting:

Web Design

Not doing web design any more, I just needed a section for the third "W" in the site's title. Although, if you have a very unusual project that involves design, I might be interested; if not, then you've just unnecessarily read this text.