Web Applications Archives - Pentest Geek

Posted In:Web Applications Archives - Pentest Geek

standard

Burp Suite 2.0 Beta Review

2018/08/24 - By 

A lot of changes have been made with PortSwigger’s recent release of Burp Suite 2.0! You can see a complete list of all the new goodies by reading the release notes. In this article I’m going to cover just a few key highlights that I think are important. Keep in mind I just upgraded this morning and my experience, analysis and opinion is based on only a couple of hours playing around.
Read More


standard

How To Use Burp Suite – Web Penetration Testing (Part 2)

2014/11/14 - By 
Burp Suite Tutorial Part 2

In our last Burp Suite Tutorial we introduced some of the useful features that Burp Suite has to offer when performing a Web Application Penetration Test. In part 2 of this series we will continue to explore how to use Burp Suite including: Validating Scanner Results, Exporting Scanner Reports, Parsing XML Results, Saving a Burp Session and Burp Extensions. Lets get right to it!
Read More


standard

Burp Suite Tutorial – Web Application Penetration Testing (Part 1)

2014/07/02 - By 

Burp Suite from Portswigger is one of my favorite tools to use when performing a Web Penetration Test. The following is a step-by-step Burp Suite Tutorial. I will demonstrate how to properly configure and utilize many of Burp Suite’s features. After reading this, you should be able to perform a thorough web penetration test. This will be the first in a two-part article series.
Read More


standard

SQL Injection: Stealing the Keys to the Kingdom

2012/08/15 - By 

Recently I was conducting a penetration test for a very large high profile client. The last thing I was expecting to find was SQL Injection . The network itself had over 5500+ nodes and nearly 400 subnets.  I started out using one of my new tactics by utilizing Nmap’s new http-screenshot.nse script. If you haven’t had a chance to check it out; I highly suggest you do, its the new hotness. The NSE script essentially allows you to scan a network with nmap and take a screenshot of every webpage at the same time. Tutorials on how to use the script can be found on Pentest Geek here, or on Trustwave’s site here.

SQL Injection – Initial Identification

Normally when looking over all of the webpage screenshots I’m typically conscious of items like Apache tomcat servers with default creds, Jboss servers that expose the jmx-console, printers that have internal document servers holding confidential data, etc, etc…Read More


Share This

Recent Posts

Subscribe To Our Mailing List

Become a Web App Penetration Tester

Penetration Testing

Categories

Metasploit

Web Application Hacking


zeknox

Copyright 2018

css.php