About Carl Sampson-
I’m an application security geek.
Places I’ve Worked-
Presentations I’ve done-
Things that I’m interested in-
- I started the OWASP Indianapolis chapter in 2005 and continue to serve on the leadership team.
- I curate a site called Appsec.fyi. It contains a collection of links related to application security. It has since evolved into generally anything technical that I’m interested in, broken down by subject. I collect the links in Pocket and the site is automatically updated whenever articles are tagged.
- I like to bike and run. My current bike is a Specialized Tarmac. Follow me on Strava.
- I’ve done a 30k, several half-marathons, and more 5k’s than I can remember.
Exploring Python’s Cool New Feature: Pattern Matching Python, the versatile programming language known for its readability and extensive library support, continues to evolve with each new release. One of the most exciting additions to Python in recent years is the introduction of Structural Pattern Matching, introduced in Python 3.10. This powerful feature, inspired by pattern matching in languages like Haskell and Scala, brings a new level of expressiveness and efficiency to Python code.
Appsec.fyi is your ultimate guide to all things related to application security (AppSec). In today’s digital landscape, where cyber threats are increasingly sophisticated, protecting your applications from vulnerabilities is paramount. This platform serves as a comprehensive resource for developers, security professionals, and anyone interested in securing software applications.
At its core, Appsec.fyi provides valuable insights, best practices, and the latest trends in application security. From articles discussing common vulnerabilities like SQL injection and cross-site scripting to tutorials on secure coding practices and tools, the platform covers a wide range of topics essential for building robust and secure applications.
Exploring Python’s New Subinterpreters
The Python community never ceases to innovate. One of the most recent additions to Python’s vast feature set is “subinterpreters”. As the name suggests, subinterpreters provide a way to run multiple isolated Python interpreters within a single process. Let’s dive deeper into this novel concept and discuss its advantages and potential use cases.
What are Subinterpreters?
At a high level, each subinterpreter in Python has its own distinct memory space and execution state.
HTML5 introduced a powerful feature called postMessage that allows secure communication between different origins or domains. While this functionality provides a convenient way to exchange data across frames or windows, it also poses potential security risks if not implemented correctly. In this article, we will explore the security considerations of using postMessage and discuss best practices to protect cross-origin communication.
Understanding postMessage postMessage is an HTML5 feature that enables asynchronous communication between different browsing contexts.
Burp Suite is a popular web security testing tool that helps you secure web applications by testing and validating vulnerabilities. It’s a comprehensive platform for performing security assessments on web applications, and its extensibility is one of its key features.
Burp Suite extensions are add-ons that allow you to customize and extend the functionality of Burp Suite. These extensions can be written in any JVM-compatible language, including Java, Python, and Ruby.
Python is a powerful and versatile programming language that offers many features to help developers write clean and efficient code. One of these features is the use of context managers. In this blog post, we will take a closer look at what context managers are and how they can be used to simplify and improve your Python code.
A context manager is an object that defines the methods enter() and exit().
Content Security Policy (CSP) is a security measure that helps protect web applications from various attacks, including Cross-Site Scripting (XSS) and data injection. CSP works by specifying a set of Content Security Rules that dictate what resources are allowed to load on a page. This can be used to whitelist trusted sources of content, or to block untrusted content entirely.
One advantage of Content Security Policy is that it can help to prevent malicious code from running on a page.
39 links I found interesting today.
DetailsWriting a Burp Extension in Ruby Burp extensions can be written in 3 languages - Java, Python, and Ruby. Since Burp is a java app, in order to write extensions in Python you need Jython and in Ruby you need JRuby. For this example, we’ll use Ruby.
Step 1 - Downloading JRuby The first step is to download JRuby from https://jruby.org/download.
For this example we will be using the latest - 9.