ritter.vg

You're browsing without Javascript! If you have no idea what that means, you should ask your technical friend about it.
Otherwise - kudos. The website should work - with the exception of comments. You can learn what they are; however, by visiting /comments.py?postid=code_poc
If it doesn't, please contact me and let me know.

tech > code > Proofs of Concepts

Warning! This page used to be kept up to date but hadn't been for a number of years. Expect a lot of broken links ahead!

Here are a collection of proofs of concepts of ideas I've had. Again, you're free to use and improve upon them - if you do, please contact me!

Finding SQL Injection in a White-Box Environment

When we have access to the database, we can farm SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This is can catch unusual code paths and is generally less expensive than a full code audit.

Authenticating Via Categorical Preferences

Let's get rid of "Secret Questions" alltogether. Let's present an attacker with a hundred questions, only 6 of which he should answer. But it will still authenticate you without making you spend a half-hour filling in radio buttons.

Page-Level Caching of Dynamic Content using Javascript

Using DOM manipulation, dynamically created iframe, and a cached flat-HTML file - we can more efficiently serve what were previously dynamically created content pages like forums and blogs.

Comments

Add a comment...

Name: required
E-Mail: required, hidden, gravatared
Website:
Comment: required, markdown enabled (help)

you type:	you see:
italics	italics
bold	bold
[stolen from reddit!](http://reddit.com)	stolen from reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"