This is the second edition of “Which weapon should I choose for Web Penetration Testing?” I hope that you liked the first edition. The same rule applies to this edition: if you have a favorite tool for penetration testing that you want to share with other users, add its […]
Here is the first edition of my selection of penetration testing tools for web applications. There will be more editions of this topic so if you have a tool that you have used in performing web penetration testing, you can add its link in the comments and if it’s […]
By the end of 2012, the number of smartphone shipments around the world will explode to nearly 668 million units, and the Android operating system will have a fifty percent market share. This also means an increase in the number of attacks on mobile applications and also in the investment […]
Q: A Collection of Metasploit Modules Not Accepted to Main Trunk for Various Policy or Quality Reasons
I guess we all know what Metasploit is, so we don’t really need to present the basics of Metasploit to the reader. But it’s still useful to present the types of modules that Metasploit has. Metasploit has the following types of modules:
Auxiliary Modules: perform scanning and sniffing and […]
Lester: Hey Nash, are you scanning our school’s network with just your smartphone?
Nash: Well, yes I am! I’m using a network penetration suite just to check out if the students are aware and practicing what they learned from my network security class, and because I just told them about […]
In this article, we are going to see another powerful framework that is used widely in pen-testing. Burp Suite is an integration of various tools put together to work in an effective manner to help the pen-tester in the entire testing process, from the mapping phase to identifying vulnerabilities […]
Joomla Security Scanner
Joomla Security Scanner detects file inclusion, SQL injection, and command execution vulnerabilities in a target Joomla website.
It helps web developers and webmasters identify possible security weaknesses on their deployed Joomla sites. No web security scanner is dedicated to only one CMS.
Features of Joomla Security Scanner
IronWASP stands for Iron Web application Advanced Security testing Platform, and was developed by Mr. Lavakumar Kuppan. It is an open source system and is mainly used for testing web application vulnerabilities. This tool is very simple to use and can be used by beginners. And the advantage of this tool […]
In the first part of this article, we discussed the iPhone application traffic analysis. In this part, we will take a look at the privacy issues and the application local data storage.
Every iPhone has an associated unique device identifier derived from a set of hardware attributes called […]
The last time I checked, the majority of networking and security professionals were still human.
We all know that the problem with humans is that they sometimes exhibit certain behaviors that can lead to trouble – if that wasn’t the case we’d probably all be out of a job! One […]
This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iPhone applications. It attempts to cover the entire application penetration testing methodology on a physical device (running with iOS 5) rather than a simulator.
Since the introduction of the iPhone, Apple […]
I often receive testing-related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are seen as difficult to enumerate, interpret, and exploit as well as an arena with only a small arsenal of tools available.
We’d like to […]
Description: Parsing the OWASP Top Ten with a closer look at Failure to Restrict URL Access
Per our discussion of OWASP Top 10 Tools and Tactics, we continue our closer look at each of the Top Ten with deeper analysis and specific examples of these vulnerabilities. As I continue to […]
One of the biggest problems that businesses and individuals face today is the cost of web application security.
It is not uncommon in the UK, for example, to pay a daily rate of around £1000 to have a website tested by an application security consultant. Web Application Firewalls can be […]
Following their presentation at Infiltrate 2011, Jon Oberheide and Dan Rosenberg answered a few questions about the talk they gave.
Jon Oberheide is the CTO of Duo Security, an Ann Arbor-based startup developing kick-ass two-factor authentication. In his free time, Jon dabbles in kernel exploitation, mobile security, and beer brewing. […]