I often receive testing-related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are seen as difficult to enumerate, interpret, and exploit, as well as an arena with only a small arsenal of tools available.
We’d like to […]
Description: Parsing the OWASP Top Ten with a closer look at Failure to Restrict URL Access
Per our discussion of OWASP Top 10 Tools and Tactics, we continue our closer look at each of the Top Ten with deeper analysis and specific examples of these vulnerabilities. As I continue to […]
One of the biggest problems that businesses and individuals face today is the cost of web application security.
It is not uncommon in the UK, for example, to pay a daily rate of around £1000 to have a website tested by an application security consultant. Web Application Firewalls can be […]
What is Arachni?
In very simple terms, Arachni is a tool that allows you to assess the security of web applications.
In less simple terms, Arachni is a high-performance, modular, Open Source Web Application Security Scanner Framework.
It is a system which started out as an educational exercise and as a way […]
Description: A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten
If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced […]
This tutorial, in three parts, will cover the process of writing a simple stack-based buffer overflow exploit based on a known vulnerability in the Vulnserver application.
Vulnserver is a Windows server application with a number of exploitable vulnerabilities deliberately engineered in, and was designed to act as a target […]