Tuesday, 30 August 2011

Security Testing Research, links galore

Over at the Software Testing Club I just added a list of resources for use by members of the Security Testing Group I set up. I thought I'd add the list here for reference and encourage readers to visit the STC group.

Websites and Forums

Dark Reading:
Ethical Hacking Blog Site:
The Ethical Hacker Network:

Podcasts and Video Series
Cigital Silver Bullet Security Podcast:

Security Testing Methodologies

Threat & Incident Classification
Taxonomy of Coding Errors:


Nessus (Home Feed):

Hack to learn, don't learn to hack.

Tuesday, 9 August 2011

How to get started on SQL Injection

Firstly, you need a good working knowledge of SQL. That may seem obvious but you can't just rattle off a bunch of SQL strings and have no idea what they are meant to be doing, what they are testing for and expect to test well.

Head over to here and diligently complete each of the exercises:

Secondly, get some pre-cooked SQL vectors to try out.

Go to and try out the vectors MANUALLY

Do them manually to learn what they are, really read them and get familiar with SQL attack vectors. Try and construct some of your own given your knowledge of the app you're attacking.

Thirdly, open Firefox and add 'SQL Inject Me'

Play with this add-on and see how it changes how you approach your testing. When you're done go to Firefox and click on "Tools > Add-Ons > Extensions > SQL Inject Me > Options > SQL Injection Strings" and add the bespoke vectors you created earlier.
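To see why reading a vector matters before firing it off, here is an added example (not part of the original post) that runs a few inputs through a string-concatenated query and a parameterized one against a throwaway in-memory SQLite database. The table, rows, function names and the four inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Throwaway in-memory database; the rows are constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def run(db, sql, params=()):
    # Return matching names, or the database error text if the SQL did not parse.
    try:
        return sorted(row[0] for row in db.execute(sql, params))
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def login_concat(db, name, password):
    # Vulnerable: input is spliced into the SQL text, so a quote in it becomes syntax.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sql, run(db, sql)

def login_param(db, name, password):
    # Hardened: placeholders bind the input as data; it is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sql, run(db, sql, (name, password))

# Constructed test inputs: a valid login, a wrong password, a stray quote, a tautology.
CASES = [("alice", "s3cret"), ("alice", "wrong"),
         ("o'brien", "x"), ("alice", "' OR '1'='1")]

def compare(cases=CASES):
    # Run every case through both query styles on a fresh database.
    db = make_db()
    try:
        return [(c, login_concat(db, *c), login_param(db, *c)) for c in cases]
    finally:
        db.close()

if __name__ == "__main__":
    for case, (sql, got), (_, safe) in compare():
        print(case)
        print("  concatenated SQL:", sql)
        print("  concatenated result:", got)
        print("  parameterized result:", safe)
```

The stray quote is the thing to watch for when testing by hand: a database error on a single `'` tells you the input reached the SQL parser, and the parameterized form is the fix to recommend.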

Have fun!


Principal Test Architect, Test Hats.