web penetration testing

An Introduction to Javascript for XSS Payloads

I recently got the opportunity to speak at B-Sides Charleston on cross-site scripting (XSS) payload development. For me, this was a really enjoyable opportunity because of my background. I was a software developer specializing in web apps for about 10 years. I did web development as a hobby for more than 10 years before that. …

An Introduction to Javascript for XSS PayloadsRead More »

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and …

Introducing Burp Correlator!Read More »

SamuraiWTF 3.2 RELEASED!

We are really excited to announce that SamuraiWTF 3.2 is now available publicly.  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the …

SamuraiWTF 3.2 RELEASED!Read More »

Web Penetration Testing with Burp and CO2

Start 2015 right with a free web session to learn all about the Burp CO2 plugin!  This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of …

Web Penetration Testing with Burp and CO2Read More »

SamuraiWTF 3.0 and into the future!

We are really excited to announce that SamuraiWTF 3.0 is now available publicly.  (We did a previous release but found some issues and so that was pulled back.)  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated the base operating system to Ubuntu 14.04 (hence the …

SamuraiWTF 3.0 and into the future!Read More »

CORS Global Policy

I recently noticed an uptake on Cross-Origin Resource Sharing (CORS) findings showing up in automated scanning tools, which would not have been a significant concern except for the fact that the tools were rating this as a relatively “high” severity and very few people I asked about it seemed to have any idea what it …

CORS Global PolicyRead More »

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, James …

Professionally Evil Courses: Ride Along Penetration TestingRead More »

Professionally Evil Web Penetration Testing Class

Ever thought about being able to test the security of your web applications? Wanted to know how the Professionally Evil hack web services and applications?  Interested in upgrading your skills around attacking modern web applications? Well now you have your chance! Secure Ideas is excited to announce the latest in our course offerings.  We will be …

Professionally Evil Web Penetration Testing ClassRead More »

Professionally Evil Training: Advanced Tactical Burp Webinar

Secure Ideas is excited to announce its latest upcoming online training.  We will be offering a two-hour session exploring advanced topics related to Burp Suite and its use in a web application penetration test.  Kevin Johnson and James Jardine will explore the various features of Burp Suite, focusing on how we use the system during our penetration …

Professionally Evil Training: Advanced Tactical Burp WebinarRead More »

Scroll to Top