As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack …
As a professional penetration tester, there are many features of an application that are similar across all languages. Unfortunately, just understanding general web concepts is not enough to fully test an application. This is due to the fact that each language, framework and implementation is different. They all have their own unique features that are …
Testing ASP.Net WebForms: Request Method Validation Read More »
In an effort to help developers and other windows users get started adding security testing into their process, this post will describe the process to install Ratproxy on Windows. Ratproxy is an interception tool that is used to inspect web traffic and identify potential security vulnerabilities. Ratproxy is distributed as code and needs to be …
For most testers, MobiSec will be installed on a VM running on their testing machine, however, I recently came across the need to run MobiSec on an ESXi server, and I don’t want to have to use the vSphere client (which only runs on Windows) to access the “console” on the VM. I could setup …
The Browser Exploitation Framework (BeEF) is a wonderful tool to have in your pen test arsenal. The latest version of the framework is written in ruby and requires ruby version 1.9.1 or greater in order to run. The default version of ruby that Ubuntu 10.04 LTS installs with the “apt-get install ruby” command is 1.8.7. …
Mobile devices have become the most common computer technology available today, as indicated in a recent report from the CTIA stating that the United States now has more mobile phones than people; a staggering 327.6 million phones! In the past year, the number of smartphones and wireless-enabled PDAs (tablets, e-readers, etc.) has risen 57%, to …