- What draws you to appsec?
- Explain a situation that you worked with a developer on.
- What is your general process for testing an application, and what can you test for if only given the URL to the login page?
- How do you stay current with the security industry?
- What do you do besides security and technology for fun?
- What are two ways to exploit response splitting?
- How would you fix response splitting?
- How do the git and svn models differ?
- What does git branch -a branchname do?
- What is continous deployment?
BuffaloWill
/ cloud_metadata.txt
Last active
January 22, 2026 16:44
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
szolotykh
/ twitter-post.py
Created
January 29, 2015 16:52
Script post on twitter message and image with tweepy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import tweepy | |
| import os | |
| # Consumer keys and access tokens, used for OAuth | |
| consumer_key = '' | |
| consumer_secret = '' | |
| access_token = '' | |
| access_token_secret = '' | |
| # OAuth process, using the keys and tokens |
willurd
/ web-servers.md
Last active
February 3, 2026 15:05
Big list of http static server one-liners
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000NewerOlder