web penetration testing

WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser-to-server architecture is fairly straightforward. Setting up the proxy for a web browser is pretty straightforward. Unfortunately, when we start getting out of the browser …


Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year.  We also thought it would be fun to do a quick review of the year, with each of our staff including their thoughts.  So here goes…. What a great second year for Secure Ideas! …


Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?” I believe this often stems from the request for credentials to an application when discussing the penetration test. The thought is that if we are testing the system like an attacker, providing credentials is breaking …


Installing RatProxy on Windows – Video Uploaded

A few months ago I did the original Installing RatProxy on Windows blog post that describes both how to install Cygwin (required for RatProxy) and RatProxy. The previous post does a great job of walking through the process of the installation, but I wanted to do a video for those that prefer the visual aid …


ViewState XSS: What’s the Deal?

As penetration testers, there are many different technologies that we have to be familiar with.  The more we know and understand about a given technology, the better our test will be for our customers.  ASP.Net is no exception.  A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack …


Testing ASP.Net WebForms: Request Method Validation

As a professional penetration tester, there are many features of an application that are similar across all languages.  Unfortunately, just understanding general web concepts is not enough to fully test an application.  This is due to the fact that each language, framework and implementation is different.  They all have their own unique features that are …

