# Security

User input must be sanitized!

## Weird machines

Unrelated for now, but there is an Android vulnerability, CVE-2017-13156, where the system can parse a file as either an APK or a DEX, allowing the signature check to be bypassed.

## Pentesting

There are several phases:

1. recon
2. scan
3. gain access
4. maintain access
5. cover tracks

Useful references:

- https://github.com/coreb1t/awesome-pentest-cheat-sheets
- https://github.com/nixawk/pentest-wiki
- OWASP-Testing-Checklist

## Bruteforce

In some cases it's important to make the space of possible values for certain variables large enough that it cannot be guessed in human time.

The most used tool is John the Ripper: on a Linux system it is possible to edit src/Makefile and compile it with

```
$ make -C src -f Makefile linux-x86-64-native
```

One usage is to generate a mangled list of words starting from a pristine one with the following command:

```
$ ./run/john --wordlist=wordlist.txt --stdout --rules > expanded-word-list.txt
```

With no options, john will start in "single" mode first, then move on to "wordlist" mode, and finally to "incremental" mode.

```
$ john --incremental=Digits --stdout
1952
12345
123456
0065663
```

Obviously you need a good wordlist!

## Format String

Remember that using too large a string to exploit this vulnerability can overwrite sensitive data; use as short a string as possible.

## Side channel

You can check which of these vulnerabilities affect your processor, and whether a mitigation is active, by reading the files under /sys/devices/system/cpu/vulnerabilities/.

## Type juggling

This is possible in languages that automatically cast between types when operators are applied, particularly when more than one equality operator exists (== and ===).

In PHP this is more dangerous when the compared value comes from a JSON conversion, because the client chooses the type of the decoded value.
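The JSON case, as an added example (not code from the original notes): the loose check lets the type of the decoded value decide the outcome, while the strict check rejects non-strings and compares with hash_equals. The field name, the stored token and the request bodies are constructed assumptions.

```php
<?php
// Added example, not from the original notes: how PHP's loose comparison (==)
// treats JSON-decoded input, and the strict checks that close the hole.
// The token, the field name and the request bodies are constructed.

declare(strict_types=1);

// Constructed secret. Note that it is a "numeric string" for PHP.
const STORED_TOKEN = '1e3';

// Vulnerable: the type of the JSON value decides how == behaves.
function checkLoose(string $jsonBody): bool
{
    $data = json_decode($jsonBody);
    return $data->token == STORED_TOKEN;
}

// Hardened: accept only strings, then compare in constant time.
function checkStrict(string $jsonBody): bool
{
    $data = json_decode($jsonBody, false, 512, JSON_THROW_ON_ERROR);
    if (!isset($data->token) || !is_string($data->token)) {
        return false;
    }
    return hash_equals(STORED_TOKEN, $data->token);
}

// Constructed request bodies; a client controls the JSON type of "token".
$requests = [
    'correct string' => '{"token": "1e3"}',
    'numeric twin'   => '{"token": "1000"}', // two numeric strings: == compares them as numbers
    'json boolean'   => '{"token": true}',   // bool vs string: == converts the string to bool
    'json integer'   => '{"token": 1000}',   // int vs numeric string: == compares numerically
];

foreach ($requests as $label => $body) {
    printf("%-15s loose=%-5s strict=%s\n", $label,
        var_export(checkLoose($body), true),
        var_export(checkStrict($body), true));
}
```

Only the first body should be accepted; the loose check accepts all four, the strict one accepts just that one.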