We are really excited to announce that SamuraiWTF 3.2 is now available publicly. This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the …
We are really excited to announce that SamuraiWTF 3.0 is now available publicly. (We did a previous release but found some issues and so that was pulled back.) This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated the base operating system to Ubuntu 14.04 (hence the …
Ever thought about being able to test the security of your web applications? Wanted to know how the Professionally Evil hack web services and applications? Interested in upgrading your skills around attacking modern web applications? Well now you have your chance! Secure Ideas is excited to announce the latest in our course offerings. We will be …
Professionally Evil Web Penetration Testing ClassRead More »
Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd. Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …
The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …
Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …
Comparing Authorization Levels with Burp’s Compare Site Map featureRead More »
The below video is an introduction to Burp Suite. This is the first of our videos that will teach people how to use Burp Suite and other tools the same way we do during our penetration tests. In this video we talk about the different tabs and functions available within the professional version of Burp …
In this series of the Professionally Evil Toolkit we will be talking about Reconnoiter. Reconnoiter was created by Secure Ideas very own Jason Wood. Reconnoiter is a set of scripts written in python to help aid in the reconnaissance phase of a penetration test. The tool has two main functions, username generation and LinkedIn profile harvesting. The …
I am very excited to be writing this entry. As of August 10, 2013 the SamuraiWTF project will be five years old! It’s been quite a run and I am looking forward to a long future. This project has meant a lot to me and I am honored to have so many great people as …
Autocomplete is always a fun topic to discuss…. ok maybe my idea of fun is not the normal idea. 🙂 During our web penetration testing, we often find where the client’s application allows the password or other sensitive information to be saved by the browser. When we find it, we often have push back from …
Autocomplete and actual risk: Why do we look at it?Read More »