Ethereum Smart Contract Fuzz-Testing with Echidna

What is Fuzzing? Fuzz testing (or fuzzing) is an automated software testing method whose goal is to find vulnerabilities, security issues, and defects in an application. The idea is to inject invalid, malformed, or unexpected inputs into the application using a fuzzing tool and observe how the system reacts to those inputs (e.g., exceptions, leakage …

Security Engineer — Income and Opportunity

Before we learn about the money, let’s get this question out of the way: What Does a Security Engineer Do? A security engineer is a “white-hat hacker”, i.e., an IT professional who analyzes computer systems and computer networks to ensure they are running securely. This involves proactive analysis and understanding of possible security threats and …

Caesar Cipher in Python

Caesar Cipher is a simple encryption and obfuscation method. It’s a straightforward substitution cipher that replaces each plain text character with the obfuscated character obtained by shifting the plain text character a fixed number of positions in the alphabet. What is Cryptography? Before we introduce our first cryptographic algorithm, Caesar’s cipher, let’s first introduce cryptography …

Denial of Service (DoS) Attack on Smart Contracts

This post is part of our Smart Contract Security Series: Ownership Exploit, Private Variable Exploit, Reentrancy Attack, tx.origin Phishing Attack, Denial of Service Attack. This post discusses the Denial of Service (DoS) attack. A Denial of Service attack (henceforth referred to as DoS) restricts legitimate users from using the smart contracts permanently or …

tx.origin Phishing Attack — Smart Contract Security Series [Part 4]

This post is part of our Smart Contract Security Series: Ownership Exploit, Private Variable Exploit, Reentrancy Attack, tx.origin Phishing Attack, Denial of Service Attack. In this post, we discuss phishing attacks due to tx.origin. In the regular phishing of a website, phishing begins with a phony email or another kind of communication intended to entice …

Reentrancy Attack – Hacking Smart Contract Security Series [Part 3]

You can check out the code for this article on our GitHub. Preamble: This post is in continuation of our Smart Contract Security Series. This post is part of our Smart Contract Security Series: Ownership Exploit, Private Variable Exploit, Reentrancy Attack, tx.origin Phishing Attack, Denial of Service Attack. The post discusses the next attack called …

Private Variable Exploit – Hacking Smart Contract Security Series [Part 2]

Introduction: This post is part of our Smart Contract Security Series: Ownership Exploit, Private Variable Exploit, Reentrancy Attack, tx.origin Phishing Attack, Denial of Service Attack. In this part 2 of the series, we’ll examine how to exploit the “private” vulnerability in Solidity. As the name suggests, private means not accessible to anyone outside. Can we …

Ownership Exploit – Smart Contract Security Series Part 1

In the smart contract security series, we will see multiple vulnerabilities, attacks, and exploitations in the smart contracts, along with the prevention measures. This post is part of our Smart Contract Security Series: Ownership Exploit, Private Variable Exploit, Reentrancy Attack, tx.origin Phishing Attack, Denial of Service Attack. Unlike mobile and web development, in which software …

Python exec() — A Hacker’s Guide to A Dangerous Function

Python’s exec() function executes the Python code you pass as a string or executable object argument. This is called dynamic execution because, in contrast to normal static Python code, you can generate code and execute it at runtime. This way, you can run programmatically-created Python code. Have you ever wondered about the limits of a …

[Dash + Flask] How to Deploy a Python Dash App on Pythonanywhere.com

Here’s the step-by-step approach of how to deploy your Dash app on Pythonanywhere.com using Flask and pip: Create an account on Pythonanywhere.com. Create a Flask application. Create a Dash application. Copy the Dash app into the Flask app. Connect the Flask server with the Dash app. Modify the WSGI configuration file. Install Dash with pip …

Python One-Line Password Generator

Can you believe it? People use unknown and potentially insecure websites to generate their random passwords! This works as follows: A website generates a “random” password for them, and they copy and paste it and assume it is a safe password because of the randomness of the characters. What a security flaw! Why? Because the website could …