web penetration testing

Twelve Days of XSSmas

This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 When building payloads …

Twelve Days of XSSmas Read More »

Spring Break without Breaking the Bank: Hands On Training

Over the last eight years, one of the main focuses of Secure Ideas has been education.  One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security.  This mindset and core passion of Secure Ideas is because we all …

Spring Break without Breaking the Bank: Hands On Training Read More »

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …

Three C-Words of Web App Security: Part 2 – CSRF Read More »

An Introduction to Javascript for XSS Payloads

I recently got the opportunity to speak at B-Sides Charleston on cross-site scripting (XSS) payload development. For me, this was a really enjoyable opportunity because of my background. I was a software developer specializing in web apps for about 10 years. I did web development as a hobby for more than 10 years before that. …

An Introduction to Javascript for XSS Payloads Read More »

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and …

Introducing Burp Correlator! Read More »

SamuraiWTF 3.2 RELEASED!

We are really excited to announce that SamuraiWTF 3.2 is now available publicly.  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the …

SamuraiWTF 3.2 RELEASED! Read More »

Web Penetration Testing with Burp and CO2

Start 2015 right with a free web session to learn all about the Burp CO2 plugin!  This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of …

Web Penetration Testing with Burp and CO2 Read More »

SamuraiWTF 3.0 and into the future!

We are really excited to announce that SamuraiWTF 3.0 is now available publicly.  (We did a previous release but found some issues and so that was pulled back.)  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated the base operating system to Ubuntu 14.04 (hence the …

SamuraiWTF 3.0 and into the future! Read More »

Scroll to Top