Despite the high quality of supportive tools in the field of security testing, this is still unknown territory for many development projects and therefore still has some unused potential. Christian Schneider’s session at DevOpsCon 2017 offers a well-rounded overview of the open-source tools used by security professionals and penetration testers in their daily work on… Read More

SleuthQL aims to augment an assessor’s ability to discover SQL injection points by automating some of the request analysis required during a web application assessment. SleuthQL is a Python 3 script to search Burp Suite’s request history for parameters and values that match syntax matching that of database languages, such as SQL. It judges a… Read More

This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level. Source: jdow… Read More

Common configuration mistakes, vulnerabilities, and chaining common network attacks while performing a wireless assessment can lead to corporate network access before lunch. Like my last Top 5 series, many of the same attack vectors used years ago still work in 2018. Source: medium… Read More