Collaborate Disseminate
In an era where cyber threats loom larger than ever, the demand for robust security solutions is critical. Our Automated Penetration Testing Tool is designed to empower ethical hackers and security professionals by simplifying the testing … Continue reading Calling All Ethical Hackers: Test My New Automated Tool and Share Your Thoughts!
I want to run ZAP automated scan to a web application. I have the url which is example.com/myapp. When I browse the application in burpsuite, I can see some rest endpoints being called like example.com/authz/rights-administration/.
When ru… Continue reading Running zap scan on a web application is not detecting all endpoints
In the context of web application security assessments, uncovering hidden admin panel IDs can be quite challenging, especially when standard paths are obscured or deliberately hidden. How can I identify the admin panel ID through scanning … Continue reading How to find hidden services, admin panels, files or ports that host sensitive login pages? [closed]
In the context of web application security assessments, uncovering hidden admin panel IDs can be quite challenging, especially when standard paths are obscured or deliberately hidden. How can I identify the admin panel ID through scanning … Continue reading How to find hidden services, admin panels, files or ports that host sensitive login pages? [closed]
I’m trying to set up an authenticated scan for a webapp, lets say admin.example.com. The authentication is done by a different service login.example.com through a JSON AJAX call. After successful authentication, the login.example.com would… Continue reading ZAP authenticated scan without locking out the test user
I am practicing initial access & privilege escalation using legacy vulnerabilities, particularly the RCE vulnerability on the Tomcat Manager.
I have been trying to use Nikto to first scan the Tomcat instance for default credentials, bu… Continue reading Using Nikto to scan for default credentials on Tomcat
I just had another scraping attack on my web site. The requests asked for paths in nearly alphabetical order, had no Referrer, all pretended to be "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Geck… Continue reading How do web scrapers get to use numerous Microsoft’s (AS8075) IP addresses? [closed]
Is it possible and how to import macros with .jar extension produced by Selenium into Webinspect (version 21.2) and then use them to conduct a scan? Can anyone help me?
Continue reading import macros with .jar extension produced by Selenium into Webinspect [closed]
You potentially use a variety of scanners and processes (e.g. Threat Modelling) which produces a set of overlapping outputs. How do you avoid repeated findings which are duplicated across toolsets?
I am wondering how someone might look to protect their website against directory traversal attacks using tools such as Dirbuster which may reveal some sensitive directories?