Collaborate Disseminate
I want to run an automated REST API pentest, and I want to integrate my test into CI/CD pipeline. Note: I have the openapi specification of the APIs that I want to test.
My automated test will be divided into 2 parts:
Anti-regression test… Continue reading Which tool to use to automate REST API pentest
At work, I’m used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to auto-testing business processing logic of… Continue reading Testing in case of TLS 1.3 with AES-GCM
The concept of Continuous Integration (CI) is a powerful tool in software development, and it’s not every day we get a look at how someone integrated automated hardware testing into …read more Continue reading How Hardware Testing Got Plugged Into a Continuous Integration Framework
Using the requests library, I am trying to make request to a url. I’ve set the target to the specific url and checked, "And URL Is in Target Scope" in both Request interception rules and Response Interception rules.
Here’s a snip… Continue reading Not able to see server response when making request using python
Within a DevSecOps Ci/Cd pipeline, one of the best practices is to automatically discover and apply patches to vulnerable software prior to deployment.
Is it possible to check a CVE database, find patches, and then deploy? I want to build … Continue reading How do you build in the capability to automate the ability to discover and apply security patches in your ci/cd pipeline?
I’m confused a bit between the terms. What I know is that there is SAST and DAST. SAST is scanning code statically for possible vulnerabilities, equivalent to static code analysis. This is usually done with automated tools. And there is DA… Continue reading What is dynamic code analysis? Is it the same as DAST?
TL; DR;
Is generating automated requests to a government site illegal in some way?
There is a government site that provides a WebChat service as a contact option. When the chat is active there is a green button, otherwise, it is grey. It … Continue reading Is generating automatic requests illegal?
I’m trying to make an automated XSS detection toolkit for myself and I’m using google’s firing range for testing it. For this particular case of escaped XSS in HTML context https://public-firing-range.appspot.com/escape/serverside/encodeUr… Continue reading How to bypass server-side URL encoding ? [Firing-Range automation]
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]