Holm Alone: Lost in the Static

I was a participant in a one-off unique immersive horror experience on Flat Holm island. Find out what is was about, what happened, and whether I survived...

Automating deletion of orphaned Sitecore blobs

After my previous article about Sitecore Blobs growing out of control, I cover how you can automate the deletion of orphaned blobs when you are using Azure SQL which does not allow for recurring jobs. I walkthrough the work involved using an Azure Function App.

We need to talk about Sitecore Blobs

Recently, I noticed that one of our set of Sitecore 10.1 databases had grown out of control. The cause, Sitecore Blobs, orphaned ones. This article describes my journey in tackling this problem and warnings about different versions of Sitecore.

Snyk CTF: Disco Dancer

Snyk do an annual CTF competition in which you have to exploit security vulnerabilities and solve encryption puzzles. This is a write up of how I solved the 'Disco Dancer' CTF challenge from last year.

Bypassing XSS filters

Recently I was going through a number of Bug Bounty programs looking for one particular weakness. The weakness I was focusing on is called Open Redirect (or Insecure Redirect). The most common form of this is where a user tries to load a page which requires them to be logged in. On many websites this … Continue reading Bypassing XSS filters →

Critical stored XSS vulnerabilities found in popular webmail client

Imagine if simply opening an email could result in the entire contents of your mailbox being stolen. That's exactly what was possible on this popular webmail client used by millions of email addresses around the world. Let me demonstrate what I found...

Escape API

With everyone in lock-down due to Covid-19, it is not possible to play something which has become very popular in recent years: escape room games. I decided to mix work and pleasure (not like that!) to create a virtual escape room. It’s not just virtual, it’s meta. Everything is API calls. Starting with a single … Continue reading Escape API →

Health Monitoring of Azure Web Apps with Sitecore

Recently when diagnosing an issue with a Sitecore website hosted on Azure Web Apps, I noticed an intermittent issue where we were seeing the application going up and down frequently. i.e. up for a minute, down for two, up, down, up, down. Investigation led me to see that it was one instance of the Web … Continue reading Health Monitoring of Azure Web Apps with Sitecore →

Hibob hacked (ethically)

Cross site scripting (XSS) is nothing new, it has been prevalent for as long as I have been a developer. In my experience, frameworks have reduced the amount we have to worry about protecting against certain attacks as they often handle the escaping for you. However this can give a false sense of security and … Continue reading Hibob hacked (ethically) →

Upgrading Sitecore Web Forms for Marketers to 8.1 and keeping MSSQL

If you are lucky enough to need to upgrade a Sitecore solution containing WFFM from 7.2 or earlier (or even 6.x as I have been doing) to 8.1, and you have a requirement to keep form data stored in MSSQL then you may encounter a few issues. The first thing to note is that in … Continue reading Upgrading Sitecore Web Forms for Marketers to 8.1 and keeping MSSQL →