Django provides a local development server, but this is not a recommended solution for a production environment… For this we’ll use nginx+gunicorn to make it more fault-tolerant and robust.
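mkdir dummyproj && cd dummyproj
python3 -m venv newenv
source newenv/bin/activate  # activate the virtualenv so Django installs into it
pip3 install Django
django-admin startproject hello  # django-admin.py was removed in Django 4.0
cd hello
python manage.py runserver 0.0.0.0:8000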
This will run your test project. If you are not testing it locally then you’ll have to allow hosts to connect to this project by editing
ALLOWED_HOSTS = ['*']  # wildcard disables Host header validation; list explicit hostnames in production
Python is an easy to learn and a very powerful
What does this even mean?
Interpreted - Ahh... Did I say "Interpreted"? Actually, Python does both. It first compiles the code into "byte-code" and then interprets the byte-code to perform what it was programmed for. (Read this Stack Overflow answer)
High-level - This simply means you are abstracted from the core workings of the computer system. (Read more at Wikipedia)
General-Purpose - This means you can't debate that Python is going to replace Java or C++ or any other programming language. Just because Python has…
In this blog, I will assume that you have a basic understanding of assembly language. If not, then you should consider learning it. Although I’ll try to explain things in the easiest terms possible.
Let’s start with a basic C program…
CODE: (Saving it with
… and compile it the way we have always done it with
gcc simple.c -o simple.out
Now I have got a file simple.out which should be my executable binary. …
Using TFsec tool
Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. (Source: Terraform.io)
Basically, we use the Terraform tool to provision cloud services from the CLI using code.
But can we check whether our Terraform code has security flaws?
YES. We can. Using the TFsec tool.
TFsec uses an HCL parser to understand the Terraform code and has many default checks in place already. It also gives you the freedom to write your own custom checks.
You can run this tool in…
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
The basic fact to understand is that a user cannot access (read/write/execute) files which they are not permitted to access. However, the superuser (root) can access all the files which are present on the system. In order to change any important configuration or perform any further attack, first we need to get root access on any Linux-based system.
Before starting, I…
Advanced Intrusion Detection Environment (AIDE) is a host-based intrusion detection system (HIDS) for checking the integrity of files. It does this by creating a baseline database of files on an initial run, and then checks this database against the system on subsequent runs. File properties that can be checked against include inode, permissions, modification time, file contents, etc. (more at ArchWiki)
According to this definition, AIDE only checks the integrity of files; it does not check for rootkits or inspect logs for other suspicious activity.
cryptsetup — manage plain dm-crypt and LUKS encrypted volumes
cryptsetup <OPTIONS> <action> <action-specific-options> <device> <dmname>
An encrypted blockdevice is protected by a key. A key is either:
OK. If you are new to the encryption world, then it’s time to get a bit familiar with data encryption.
There are 2 methods to encrypt your data:
According to Wikipedia,
Augmented reality is an interactive experience of a real-world environment where the objects that reside in the real world are enhanced by computer-generated perceptual information, sometimes across multiple sensory modalities, including visual, auditory, haptic, somatosensory and olfactory.
The basic idea of augmented reality is to superimpose graphics, audio and other sensory enhancements over a real-world environment in real time.
Besides, haven’t television networks been doing that with graphics for decades?
Yes, but AR is more advanced than any technology you have seen in television broadcasting. These systems display graphics for only one point of view. …
In my previous few articles, we have seen multiple tools that help to complete the DevOps lifecycle. S2I is yet another tool that helps in achieving the same.
As the name suggests, S2I is a framework that helps us to build Docker images directly from the source code!! It means we don’t need to write a Dockerfile every time we have a new patch or new updates in the code, or a completely new project.
We can just give our project source code to this framework; it’ll do all the heavy work for us and provide us with a good…
According to Wikipedia,
In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure, which is usually a fixed-length buffer.
Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly.