Collaborate Disseminate
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]
I notice that although we have many tools for security tests (SAST, SCA), I couldn’t find an open source project on github that implements those tests. I’ve searched for google, Mozilla, OWASP and other big companies repositories, some of … Continue reading Security testing best practices when opening a project to the community
I am getting Validation.EncodingRequired for this code
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
FileUploadForm uploadForm = (FileUpl… Continue reading Validation.EncodingRequired CWE 116 by appscan
I was doing SAST of a .NET application (.aspx and .vb) using Appscan source for analysis. I can scan aspx files but I am not able to scan .vb files in Appscan. How do you scan .vb files?
When running the screenshot.js on https://try-puppeteer.appspot.com/, a web based Puppeteer.js I the image produced was of a gaming/gambling website, not my website at all!
My site was https://puppet.azurewebsites.net/custEvntSingle.html… Continue reading What type of breach is occurring with Puppeteer.js on this Azure hosted webapp? (Snapshot provided)
We’re a software development team who outsource security testing. We schedule design reviews and penetration testing every 6-12 months. We’ve realised how bad this sounds and have been investigating automated testing, e.g static code analy… Continue reading Automated testing maturity model
Complying with DoD’s new cybersecurity regulations requires hard data, the kind that pretty much requires automation to compile.
The post If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right appeared first on AttackIQ.
The … Continue reading If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right
I want to run an automatic scan on a web application made with Angular and JSNode. On this one I have access to different types of accounts. On ZAP OWASP I can select the POST request, it detects the parameters in the request, I show it wh… Continue reading Auto-login to refresh token in Burp Suite 2
Reflect, a member of Y Combinator Summer 2020 class, is building a tool to automate website and web application testing, making it faster to get your site up and running without waiting for engineers to write testing code, or for human testers to run the site through its paces. Company CEO and co-founder Fitz Nowlan […] Continue reading Reflect wants to help you automate web testing without writing code
With enormous amounts of fighting with Windows/Microsoft Defender, I finally managed to download the "test virus" file from https://www.ikarussecurity.com/en/private-customers/download-test-viruses/ onto my desktop.
However, Defe… Continue reading How am I supposed to check Defender’s capability when it trusts me blindly after I mark a test malware file as "allowed"?