Eric Range

Venom.sh

Today I implemented a few techniques to detect common web-based attacks and came across the following Nginx access log entry. I immediately spotted the command injection attempt but didn’t pay any attention due to the 400 “Bad Request” HTTP response status code. Somehow I was a little disappointed because the attack was easy to detect and […]

JavaScript: Is this a number?

Dynamic typing and JavaScript sometimes don’t fit together so well. This is especially important for numbers. A numeric value in a variable is not always declared as a number, although in theory it can only take numeric values. So how should one check whether it is a number “in the broadest sense” that can be […]