OWASP

Professionally Evil Perspective Podcast – Methodology Continues with Discovery

James and I recorded the next episode of the Professionally Evil Perspective podcast this morning. In it we get back to walking through the methodology that we use during a web application penetration test. We had covered recon and mapping, so in this episode we go through the third step: discovery! James and I discuss …

Professionally Evil Toolkit – Sqlmap

In this series of the Professionally Evil Toolkit we will be talking about sqlmap. Sqlmap is an open source penetration testing tool that is written in Python. Sqlmap automates the process of detecting/exploiting SQL injection flaws and taking over database servers. As you might know, SQL injection is ranked number one on the OWASP …

Using a Throwing Star to Capture Packets

Mobile applications are a hot commodity these days.  It seems like everyone and their brother/sister is writing them.  Kevin Johnson even tells a story of a bait/mobile application shop here in Florida somewhere.  When I say bait, you guessed it, I really mean bait as in fishing bait.  Earthworms and such.  With everyone writing these …
