ViewState XSS: What’s the Deal?

As penetration testers, we have to be familiar with many different technologies. The more we know and understand about a given technology, the better our tests will be for our customers. ASP.Net is no exception. A recent post, “ViewState XSS: What’s the Deal?” (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/), provides good insight into an attack …

Testing ASP.Net WebForms: Request Method Validation

As a professional penetration tester, you will find that many features of an application are similar across all languages. Unfortunately, just understanding general web concepts is not enough to fully test an application, because each language, framework and implementation is different. They all have their own unique features that are …

MobiSec Live Environment DARPA Project

Mobile devices have become the most common computer technology available today, as indicated in a recent report from the CTIA stating that the United States now has more mobile phones than people; a staggering 327.6 million phones!  In the past year, the number of smartphones and wireless-enabled PDAs (tablets, e-readers, etc.) has risen 57%, to …

Life keeps going on….

Wow, I can’t believe it has been this long since my last post. Quite a bit is going on around here. Sarah was born and I am teaching SANS classes coming up in September and then October. We released the updated hping for Windows and got Nikto-NSE out the door. Both of these were added …
