During the interview process for my current role of Developer Advocate for API security I was asked to do an informal presentation about HTTPS, and to be sure I would get the role I went deep down the rabbit hole and took as many notes as I could in this repo, which I am now making available as a blog post. This is not an exhaustive list of everything I know about HTTPS, but it is my intention to keep updating it with more information as my free time allows.
I work as a Developer Advocate for API and Mobile Security. I am a strong believer that software should be designed with security as opt-out, instead of opt-in, and that it shouldn't be an afterthought.
I am also a passionate Software Developer who loves Clean Code in a Clean Software Architecture. Currently in love with Elixir, a Functional Programming language that leverages the BEAM ecosystem for building highly concurrent and distributed systems with unmatched capabilities.
Please visit my profile for more details about me.
When we clone an object that contains other objects, it is important to keep in mind that the objects stored in the properties of the object being cloned will remain references to the original objects; in other words, they will not be cloned, so any change to these objects will be directly reflected in the original object. This type of clone is called a Shallow Object Copy. We can control what happens when an object is cloned by implementing the __clone() method, and inside it we ensure that every property containing another object also holds a clone of that object.
Dreaming is good and can take us far, but dreams need to be somewhat realistic. I would love to work in a role where Security and Best Coding Practices are first class citizens. My dream job would be developing APIs using the API Design First Approach, where the project requirements would be written in the Gherkin Language to remove the ambiguity that traditionally occurs between developers and business. Security as a First Class Citizen The number of data breaches in recent years has increased significantly, therefore no software should be developed without having security baked in from day one.
Prestashop Module Send to a Friend allows Spammers to abuse the feature for sending emails to a friend
How I discovered the security flaws in Prestashop Module - Send to a Friend One customer reported that the inbox for his Prestashop store email contained hundreds of bounced emails, with spam, so I asked him to forward one of those emails to me. Just by opening it, it was obvious that the email originated from his store, via the native Send to a Friend module. This module is installed by default on the original Prestashop theme and in many other third-party themes.
The Usual Way Each time we need to checkout to the previous branch, we type git checkout previous-branch-name or, when using the ZSH Shell, we can just type gco previous-branch-name. How to Git Checkout to Previous Branch in a Lazy and Fast Way Instead of the traditional way described above, we can be lazy and fast at the same time ;) Just type git checkout - or, if using the ZSH Shell, gco -.
How to Check What Commits are in One Git Branch But Not in the Other Usually when comparing two branches we use the Git Diff command, which shows what lines of code differ between them. Now, what do we do when we only want to see which commits we have in one branch that are not present in the other branch? To get, for branch1, a list of commits that are missing from branch2, we use the Git Log command.
In this Tutorial, when referring to your Prestashop Online Store, the domain name used will be prestashop-tutorials.dev, therefore when applying any How To instruction you will need to replace it with your own domain. The same goes for the Prestashop Admin access folder, which you need to change from secret-admin-folder to the one used in your E-commerce Store. Just to be clear, the full path used here to reach the Prestashop Back Office is prestashop-tutorials.
Responsible Disclosure Recently I made a Responsible Disclosure for 2 security vulnerabilities in the Prestashop Module Send to a Friend and also provided the fixes for them in a Github Pull Request. This was done in coordination with the Prestashop Core Team to ensure the issue was not made public until owners of Prestashop Online Stores had time to update the module, and also to guarantee that the code for the fixes followed their rules.
This Tutorial is a detailed How To aimed at Prestashop beginners, therefore I will not expect from you any knowledge at all about the Prestashop Admin Interface. Step by Step to Update a Module in Prestashop Version 1.6.* During this Prestashop Tutorial the Url used to reach the Prestashop Back Office will be prestashop-tutorials.dev/v1616/secret-admin-folder and yours should be your-domain.com/your-secret-admin-folder or, if your store is not in the root folder, then it should be like your-domain.
So you are working in your Prestashop store and suddenly you get a blank screen, and no matter how many times you retry the screen is always blank… wtf? By this time you are already thinking that you are at a dead end and rushing to Google and/or the Prestashop community for help. Why Prestashop Debug must always be Enabled during Development? When in production we want PHP to hide all the errors it finds.
No email available, due to spam. Please use Twitter or Linkedin to reach out.
You can reach out by sending me a message on Twitter or Linkedin: