Tag: programming
2010
08.09

If you have an Excel spreadsheet containing first and last names, how do you convert those names to email addresses (following the format First.Last@example.com)?

If you’re a programmer, maybe you use something like this:

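<?php

// Plain-text output: the submitted names are echoed back and must not be rendered as HTML.
header("Content-type: text/plain");

// One "First Last" name per line, pasted from the spreadsheet column.
$names = explode("\n", isset($_POST['names']) ? $_POST['names'] : '');

foreach ($names as $cur_name)
{
    // trim() also strips the "\r" left over from Windows line endings.
    $cur_name = strtolower(trim($cur_name));
    if ($cur_name === '') continue; // skip blank lines instead of printing a bare "@example.com"

    echo str_replace(' ', '.', $cur_name) . '@example.com' . "\n";
}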

But maybe you’re not a programmer. Maybe you’ve never done any programming before in your life. If that’s the case, how do you solve a problem like this? Maybe I’m missing something obvious, but there doesn’t seem to be a simple way to do it (maybe there’s some kind of Mail Merge feature in Excel that could handle it?).

These kinds of problems crop up all the time in the real world. As a programmer, I often find myself writing small scripts and/or piping together some command-line tools to solve tasks like these; at this point, it’s almost second nature. Unfortunately, I realize that a lot of these tasks are much more difficult for people who don’t know how to program. Instead of writing a simple script, the user ends up looking for an application or tool that provides the functionality they need. If they can’t find it, they’re forced to perform the task manually or give up.

My advice for dealing with these kinds of tasks? Take an introductory computer science course and learn how to program, at least a little bit. Even if you never plan to use those skills again, you never know when they might come in handy.

Of course, it also doesn’t hurt to be friends with someone who knows how to program ( ;) ). I can’t speak for everyone, but I’m more than happy to write simple scripts to help my friends out. In fact, remember that PHP script at the top of the page? I originally wrote it for one of my friends. :-)

2010
07.07

When I was browsing /r/programming earlier this morning, I came across a link to a web application named Tweeter. I played around with it for a while and I think it’s a really awesome application, so I figured I’d write a post about it. :-)

Tweeter is a web application designed for a single purpose: to give people a chance to apply their knowledge of SQL injections to a “real” site. The attacker’s goal is to use his/her knowledge of SQL injections to post as an existing user named agentgill. Once the “hack” is complete, the attacker is directed to a new version of the website, designed with more safeguards and security measures that need to be circumvented. I don’t want to delve into the specifics of the different versions, but there are a total of four levels, each with its own set of challenges that must be overcome.

Screenshot of Tweeter Level 1

I really enjoyed playing with Tweeter. It was a fun challenge and it gave me a chance to reuse some basic SQL injection knowledge I haven’t used in a while. It reminded me a little bit of Jarlsberg, a similar application created by Google to teach people about possible attack vectors in web applications (but which does not demonstrate SQL injections, since it does not use SQL). I believe tools like Tweeter are integral to teaching web application security; learning about SQL injections in class is nowhere near the same experience as being able to exploit them properly on a real website. I’ll definitely be adding it to my bookmarks.

If you’d like to try it out for yourself, you can click on this link to create a new instance on the author’s site.

More information about Tweeter (including a link to download the source) can be found on the author’s blog.