Burp Suite

Insomnia plus Burp Suite icons

Getting Started API Penetration Testing with Insomnia

April 15, 2020 / By / Leave a Comment

In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known for their microservice API Gateway. Like Postman, Kong offers premium subscriptions for syncing and collaboration functionality. …

Getting Started API Penetration Testing with Insomnia Read More »

Better API Penetration Testing with Postman – Part 3

July 18, 2019 / By / 3 Comments

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig into some slightly more advanced functionality in Postman that you …

Better API Penetration Testing with Postman – Part 3 Read More »

Burp and Postman

Better API Penetration Testing with Postman – Part 2

April 14, 2020 / By / Leave a Comment

In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API developers that makes it easier to test API calls. We created a collection, and added a request to it. We also talked about how Postman handles cookies – which is essentially the same way a browser does. …

Better API Penetration Testing with Postman – Part 2 Read More »

Better API Penetration Testing with Postman – Part 1

June 27, 2019 / By / Leave a Comment

This is the first of a multi-part series on testing with Postman. I originally planned for it to be one post, but it ended up being so much content that it would likely be overwhelming if not divided into multiple parts. So here’s the plan: In this post, I’ll give you an introduction to setting …

Better API Penetration Testing with Postman – Part 1 Read More »

Spring Break without Breaking the Bank: Hands On Training

November 28, 2018 / By / Leave a Comment

Over the last eight years, one of the main focuses of Secure Ideas has been education.  One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security.  This mindset and core passion of Secure Ideas is because we all …

Spring Break without Breaking the Bank: Hands On Training Read More »

Professionally Evil Web App Pen Testing 101 Course

February 16, 2018 / By / 3 Comments

UPDATE: Updated the done steps. below.  Also changed the links from S3 to Git. Since our founding in 2010 Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field.   As such we have contributed to courses, presented at conferences around the world and contributed to open …

Professionally Evil Web App Pen Testing 101 Course Read More »

Introducing Burp Correlator!

September 11, 2015 / By / 1 Comment

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and …

Introducing Burp Correlator! Read More »

Adventures in LDAP Injection: Exploiting and Fixing

September 11, 2015 / By / Leave a Comment

Every pen tester looks forward to that next encounter that includes one of those uncommon vulnerabilities that ultimately result in an exciting session of exploration and learning.  During a recent web penetration test I ran across one of these rare gems when I started seeing some odd behavior on a forgot password form.  In this …

Adventures in LDAP Injection: Exploiting and Fixing Read More »

Scroll to Top