Secure Ideas is excited to announce its latest upcoming online training. We will be offering a two-hour session exploring advanced topics related to Burp Suite and its use in a web application penetration test. Kevin Johnson and James Jardine will explore the various features of Burp Suite, focusing on how we use the system during our penetration …
Professionally Evil Training: Advanced Tactical Burp WebinarRead More »
As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The best consultants have the know-how to understand which tool to use in which scenario. Imagine if during a penetration test I used SQLMap to look for CSRF …
One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser to server architecture is fairly straight forward. Setting up the proxy for a web browser is pretty straight forward. Unfortunately, when we start getting out of the browser …
A few months ago I did the original Installing RatProxy on Windows blog post that describes both how to install Cygwin (required for RatProxy) and RatProxy. The previous post does a great job of walking through the process of the installation, but I wanted to do a video for those that prefer the visual aide …
As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack …
So the SamuraiWTF project have released the first few release candidates for the formal 2.0 release. Since the previously available version was 0.9.9 it seems odd that the current version is 2.0RC5. We have received a number of questions and so I think that this was a good time to explain whats going on. In …
In an effort to help developers and other windows users get started adding security testing into their process, this post will describe the process to install Ratproxy on Windows. Ratproxy is an interception tool that is used to inspect web traffic and identify potential security vulnerabilities. Ratproxy is distributed as code and needs to be …