Despite the quality of the supporting tools available for security testing, the field is still unknown territory for many development projects, so much of its potential goes unused. Christian Schneider’s session at DevOpsCon 2017 offers a well-rounded overview of the open-source tools used by security professionals and penetration testers in their daily work on… Read More


SleuthQL aims to augment an assessor’s ability to discover SQL injection points by automating some of the request analysis required during a web application assessment. SleuthQL is a Python 3 script that searches Burp Suite’s request history for parameters and values whose syntax resembles that of database query languages such as SQL. It judges a… Read More
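To make the idea behind that kind of triage concrete, here is an added example (not SleuthQL's own code, and not from the linked post) that scans a Burp-style proxy-history XML export for parameters whose names or values look like SQL. The export layout (`<items><item><request base64="true">…</request></item></items>`) is assumed from Burp's "Save items" format, the sample export is constructed inline, and the keyword list and parameter-name hints are my own choices for illustration:

```python
"""Flag SQL-looking parameters in a Burp-style proxy-history XML export."""
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit
from xml.sax.saxutils import escape

# Keywords whose presence in a parameter *value* suggests the client is sending
# query syntax to the server (illustrative list, not exhaustive).
SQL_KEYWORDS = re.compile(
    r"\b(select|union|insert|update|delete|from|where|order\s+by|group\s+by|"
    r"having|limit|offset|asc|desc|join|like|case\s+when)\b",
    re.IGNORECASE,
)
# Parameter *names* that often map directly onto SQL clauses or identifiers.
SQL_PARAM_NAMES = {"sort", "order", "orderby", "order_by", "query", "sql",
                   "where", "column", "col", "field", "filter", "table"}


def build_item(method, host, path, body=""):
    """Build one <item> in the assumed Burp export layout (constructed sample data)."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    if body:
        lines += ["Content-Type: application/x-www-form-urlencoded",
                  f"Content-Length: {len(body)}"]
    raw = "\r\n".join(lines) + "\r\n\r\n" + body
    b64 = base64.b64encode(raw.encode()).decode()
    return (f"<item><url>{escape('https://' + host + path)}</url><host>{host}</host>"
            f"<method>{method}</method><path>{escape(path)}</path>"
            f'<request base64="true">{b64}</request></item>')


# Constructed history: two requests carry SQL-looking input, two are benign.
SAMPLE_EXPORT = "<items>" + "".join([
    build_item("GET", "shop.example", "/products?sort=price%20DESC&page=2"),
    build_item("POST", "shop.example", "/search", body="term=red+shoes&limit=20"),
    build_item("POST", "shop.example", "/report",
               body="q=SELECT+name+FROM+users+WHERE+id%3D1&csrf=abc123"),
    build_item("GET", "shop.example", "/account?id=42"),
]) + "</items>"


def parse_request(raw):
    """Split a raw HTTP request into method, path and decoded (name, value) params."""
    head, _, body = raw.partition("\r\n\r\n")
    header_lines = head.split("\r\n")
    method, path, _ = header_lines[0].split(" ", 2)
    headers = {}
    for line in header_lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    # Query-string parameters first, then a form-encoded body if present.
    params = list(parse_qsl(urlsplit(path).query, keep_blank_values=True))
    if "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        params += parse_qsl(body, keep_blank_values=True)
    return method, path, params


def scan_export(xml_text):
    """Return one finding per parameter whose name or value looks like SQL."""
    findings = []
    root = ET.fromstring(xml_text)
    for item in root.iter("item"):
        req = item.find("request")
        if req is None or not req.text:
            continue
        raw = req.text
        if req.get("base64") == "true":
            raw = base64.b64decode(raw).decode("utf-8", "replace")
        method, path, params = parse_request(raw)
        for name, value in params:
            reasons = []
            if name.lower() in SQL_PARAM_NAMES:
                reasons.append("name")
            if SQL_KEYWORDS.search(value):
                reasons.append("value")
            if reasons:
                findings.append({"method": method, "path": path, "param": name,
                                 "value": value, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_export(SAMPLE_EXPORT):
        print(f"{f['method']} {f['path']}  {f['param']}={f['value']!r}  "
              f"flagged by: {', '.join(f['reasons'])}")
```

Against the constructed history this flags `sort=price DESC` (both the name and the `DESC` keyword) and `q=SELECT name FROM users WHERE id=1`, while leaving `term`, `limit=20`, `csrf` and `id=42` alone. A hit is only a hint that the server may splice the value into a query; confirming an actual injection still needs manual testing of the flagged request.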


This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level. Source: jdow… Read More