How to improve Oracle Standard Edition’s performance for testing?

There’s a great post on StackOverflow about improving Postgres performance for testing.

https://stackoverflow.com/questions/9407442/optimise-postgresql-for-fast-testing/9407940#9407940

However, there aren’t any resources on doing the same for OracleDB. I don’t have a license for Enterprise Edition, that has features like ‘In-Memory’ columnar storage that would almost definitely improve performance.

https://docs.oracle.com/en/database/oracle/oracle-database/19/inmem/intro-to-in-memory-column-store.html

I’m really limited in what I can try in Standard Edition. It’s running in a Docker container in a CI pipeline. I’ve tried putting the tablespace on a RAM disk, but that doesn’t improve performance at all. I’ve tried fiddling with FILESYSTEMIO_OPTION, but no performance change.

Would anyone know of some more obvious things I can do in OracleDB in a CI environment?

Fiddler as proxy – and how to clone WordPres locally for testing

I got my local setup working under 127.0.0.1:91/blog. In order to overwrite my server default domain I added locally this to my wp-config.php file:

define('WP_HOME','http://127.0.0.1:91/blog'); define('WP_SITEURL','http://127.0.0.1:91/blog'); define('FORCE_SSL_LOGIN',false); define('FORCE_SSL_ADMIN',false); 

In my Fiddler Web Debugger script I am using this to redirect my browser request to my domain name, to instead go to my local setup:

if (oSession.HostnameIs("my.domain.name")){     oSession.bypassGateway = true;     if (oSession.HTTPMethodIs("CONNECT")){         oSession["x-replywithtunnel"] = "FakeTunnel";         return;     }       oSession["x-overrideHost"] = "127.0.0.1:91";     oSession.fullUrl = "http://127.0.0.1:91" + oSession.PathAndQuery; } 

How can I get WordPress returned page to be rewritten before it gets sent do the browser from 127.0.0.1:91 to my.domain.name; and from http:// to https://? Or is there a smarter way to go about all of this within WordPress?

I tried this in my Fiddler Script but it is not working:

if oSession.oResponse.headers.ExistsAndContains("Content-Type","text/html")){     oSession.utilDecodeResponse();     oSession.utilReplaceInResponse('http://','https://');     oSession.utilReplaceInResponse('127.0.0.1:91','my.domain.name'); } 

I suppose I could setup an Apache proxy rewrite for the pages that get returned, but I am not sure how to go about this.

User Testing Service. Launched June. Made $1000+ profit in July. 100% Outsourced.

Welcome to the auction for UsabilityTrial.com

Intro

Research shows that over 500 000 websites and 1500 mobile apps are launched every day!

With that in mind, we decided to create this service which gives owners of these new websites and apps access to real users who can test out their platforms before launch and provide feedback.

We launched the business in July and it has since generated 9 sales in July. (proof of income attached)…

User Testing Service. Launched June. Made $ 1000+ profit in July. 100% Outsourced.

Penetration testing: stuck with injecting upload form

I have to do an assignment for a penetration testing exam but i’m a little bit stuck.

Among all the vulnerabilities i have to inject an upload form but it behaves weird, if i upload a file (even an image or similar) it does not do anything so i can’t tell if the file has been uploaded or not, there is no error message , anything useful.

I have a LFI vulnearbility so i can check files in /var/www/html and get the source but i can’t find anything useful, basically i have only .php frontend files :\

What vulnerability can i expect? or are there any tests that i can do?

This is the post request of burp-suite when i upload: https://imgur.com/a/Z7zeFoQ

Thank you 🙂

Responsive websites testing

Hi everyone ,

I'm a web developer, and I've often found myself wasting too much time checking if a responsive website displays properly on all screen sizes.

I feel we have lots of powerful and advanced applications to design and code websites, but there are very few tools to test and debug the behavior of responsive web pages.

I guess many of you have found themselves in my shoes before.

To overcome this problem and make our work easier, I've created slashB, an application that provides…

Responsive websites testing

OWASP Client-Side Testing – How To

In the OWASP Testing Guide, it has a whole section called “Client-Side Testing.” This section has to do with testing for things such as DOM-based XSS, JavaScript execution, HTML injection, Client-Side URL Redirect, etc. The examples in the testing guide for the first four vulnerabilities (the ones I just listed) all include code that access document.location.

My question is, what other ways are there for these kinds of vulnerabilities to be introduced into a web page without accessing document.location? In other words, if a page does not ever access document.location, is it definitely free from these vulnerabilities?