After installing ssl certificate for django application on apache server with debian, I am getting Default test page only

Following are my configuration files

<VirtualHost *:80> Redirect permanent / https://www.piping.pro/ ServerName localhost ServerAdmin admin@piping.pro  ErrorLog $  {APACHE_LOG_DIR}/error.log CustomLog $  {APACHE_LOG_DIR}/access.log combined </VirtualHost>  <VirtualHost *:443> ServerName localhost ServerAdmin admin@piping.pro  Alias /static /var/www/static-root <Directory /var/www/static-root>    Require all granted  </Directory>  Alias /media /var/www/media-root <Directory /var/www/media-root>    Require all granted </Directory>  <Directory /var/www/venv/src/mysite>     <Files wsgi.py>         Require all granted     </Files> </Directory>   ErrorLog $  {APACHE_LOG_DIR}/error.log CustomLog $  {APACHE_LOG_DIR}/access.log combined  SSLEngine on SSLCertificateFile /etc/ssl/piping_pro.crt SSLCertificateKeyFile /etc/ssl/private/PrivateKey.key SSLCertificateChainFile /etc/ssl/piping_pro.ca-bundle  </VirtualHost> 

How to do Mobile application testing using Burp Suite on latest ios and android devices

I am trying to intercept the request with burp suite for mobile application pen testing on iOS and Android devices.

Here are the settings below which I have done in below points.

  1. I made sure that my mobile device and the burp is on same network
  2. All interfaces in proxy options
  3. Downloaded ca certificate on the mobile and enabled from Certificate Trust Settings for PortSwigger CA.
  4. Set the manual proxy on device to same IP address which is on PC.
  5. Asked application team if there is any SSL pinning is implemented and the answer was “NO” from their end.

Information on my issues where I got stuck.

When I intercept the request in burp I see so many error messages the client failed to negotiate an SSL connection.

Finally I came to an understanding that I need to have a rooted or jailbreak device to fully test the application and I am not sure how to do those things in the new version of iOS and android (made in USA)

How can I safely store application secrets/passwords in git and other version control systems?

When I saw this question: Why is storing passwords in version control a bad idea?

I immediately thought that question could be inverted to be: Why is storing passwords in version control a good idea?

  1. True Infrastructure as Code = App + Config + Secrets, all stored as code. (Having this allows results to be replicated reliably.)
  2. Consistency is the best friend of automation/CI/CD Pipelines. Having App + Config in source control, and Secrets in HashiCorp Vault makes your automation more complex. If all 3 are stored consistently in git automation becomes much easier.
  3. It’s important to store your config in a version control system. The thing is .json or .yaml config files with secrets and other sensitive information embedded alongside the configuration are pretty common. Why not just put those in version control too?
  4. Allowing Secrets in git offers the following benefits:
    1. There’s a changelog of when the secret changed, and an audit trail of who changed it, this knowledge allows the scope of debugging to be narrowed.
    2. Sometimes a dev isn’t sure if their code is wrong, or if the secret is formatted in some weird an unexpected way. A dev being able to look at a dev version of the secret while working, and then an ops person being able to compare a dev and pre-prod version of a secret helps debug quicker. (Example: Maybe a .txt file was created on Mac/Linux by a Dev, then created on Windows by an Ops guy and the dev vs pre-prod version of the secret ended up with 2 separate character encodings?, Missing Quote(s), rn vs m, extra space, all kinds of misspellings.)
    3. I’ve run into a scenario where an app was being rapidly developed, and a new feature required a new secret to be added, the secret was added to the dev environment, then a pre-prod version of the application was launched, it wasn’t working and it took a while to figure out that it was because the newly added secret was never created for (much less applied to) the higher environments. (If secrets were consistently stored in git, this would have been obvious by inspection.)

But then I realized there’s a better question beyond:
Why is storing passwords in version control a bad idea?
vs
Why is storing passwords in version control a good idea?

And that’s:
How can I safely store application secrets/passwords in git?
Challenges:

  • It’s obvious that the secret would need to be stored encrypted. But safely storing encrypted data in git, requires that it’s impossible for decryption keys to be leaked:
    If git users directly decrypt secrets using PGP or symmetric keys, then when the decryption keys get leaked, there’s no way to revoke or invalidate the decryption keys and there’s no way to purge the git history because it’s decentralized.
  • Need a means to audit if a piece of data was decrypted or who decrypted it.
  • Need to be able to assign Granular access rights to who can decrypt what secrets. Devs shouldn’t be able to decrypt prod secrets. Ops person who can decrypt Prod application A’s secrets, shouldn’t necessarily be able to decrypt Prod application B’s secrets.
  • Need to be able to prevent footgun scenarios: like accidentally decrypting a previously encrypted secret, then committing the decrypted version of the secret back to the repo.

ASP .NET CORE 2.0 web application on IIS showing sqlite error 14 “unable to open database file”

So I had run into a problem when I attempted to host a web application. Everything works fine in visual studio and when I use IIS express for debugging, but when I publish it and upload it to my server to be hosted this error pops up (title). I am of course using sqlite3 as a database, the file is located outside the project itself and the data source path is correct, I’ve tried to publish it both when the file is inside the project (inside wwwroot, with data source being just /dbname.db) and outside but in both instances sqlite error 14 comes up.

Note that the solution to this problem might be as simple as adjusting some permissions if lets say that is the cause of the problem as I am not really that experienced in using IIS yet.

Mistake on visa application

On my visitor visa to the UK application form,the question “have they always had the same nationality?”which is under parent details I put No instead of Yes..and I have already paid and submitted my application but I haven’t been to the embassy..what can I do please advice ..and I plan on going to travel alone and not with any parent of mine

SQL Server Reporting Services Service Application Encryption Error

I’m trying to create a new SQL Server Reporting Services Service Application, I go in and set all my settings and the application creates just fine. But when I click on the service application i created and click “System Settings” I got this error:

The report server cannot decrypt the symmetric key that is used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. —> Microsoft.ReportingServices.Library.ReportServerDisabledException: The report server cannot decrypt the symmetric key that is used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. —> System.Security.SecurityException: Requested registry access is not allowed.

Whats funny is that on my SQL server I totally deleted the Reporting database from SQL manager, and then used “Reporting Services Configuration Manager to create a new database with a different name and I’m still getting this error. Has anyone else ever come across this? I’m stuck and confused as to why it is doing this.

Any help would be greatly appreciated.

Is attempt like this, when using Application class, breaking MVVM pattern?

In my application I am using two view models. MainViewModel if fiered when MianWindow is initialized. And UpdateViewModel is fiered when UpdateWindow is initialized.

The update VM is supposed to use data from collection that is a property of the main VM and has its instance laready, and I need to refer to it somehow. And I was wondering, is refering to this collection with MainViewModel vm = (MainViewModel)win.DataContext; is breaking MVVM pattern or testability somehow or is any kind of antipattern? Thank you.

The code:

public class UpdateViewModel : ViewModelBase     {         public UpdateViewModel()         {             Jockeys = new ObservableCollection<LoadedJockey>();              PopulateCollections();         }          private void PopulateCollections()         {             MainWindow win = Application.Current.Windows.OfType<MainWindow>().FirstOrDefault();             MainViewModel vm = (MainViewModel)win.DataContext;              Jockeys = vm.Jockeys; //is it ok?              vm.Jockeys //is it ok?         }          public ObservableCollection<LoadedJockey> Jockeys { get; private set; }      }