Its a wrap! DerbyCon has ended for the Secure Ideas crew and we are all headed home. While a few team members are flying out, the rest of us are driving back to Jacksonville, FL. With 6 hours left on this trip, what better time to talk about DerbyCon. First, let me say that the …
As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack …
As a professional penetration tester, there are many features of an application that are similar across all languages. Unfortunately, just understanding general web concepts is not enough to fully test an application. This is due to the fact that each language, framework and implementation is different. They all have their own unique features that are …
Testing ASP.Net WebForms: Request Method Validation Read More »
So the SamuraiWTF project have released the first few release candidates for the formal 2.0 release. Since the previously available version was 0.9.9 it seems odd that the current version is 2.0RC5. We have received a number of questions and so I think that this was a good time to explain whats going on. In …
In an effort to help developers and other windows users get started adding security testing into their process, this post will describe the process to install Ratproxy on Windows. Ratproxy is an interception tool that is used to inspect web traffic and identify potential security vulnerabilities. Ratproxy is distributed as code and needs to be …