Pentesting

Automated Scanning with Arachni

Scanners have a tricky reputation. Their point-and-click simplicity and their utility as automated reconnaissance tools mean they get love from script kiddies and professionals alike. They also have compelling use cases for flushing out certain vulnerabilities, like XSS, where there may be too many input vectors or payload varieties to feasibly go through the application by hand. The problem is that a lot of the most popular scanners, like Burp Suite and Websecurify, rely on a GUI for their targeting information and follow a similar pattern:

Burp Extensions - Setting up XSS Validator

Hunting for XSS

XSS / Cross-site scripting (which is just another form of code injection) can be a severe vulnerability. It’s also very common. That potent combination - profitability and ubiquity - marks it as a worthy target for penetration testers interested in public bounties. But because of a high rate of false positives (and inevitably imperfect detection logic), the process of ferreting out XSS comes with a lot of noise. The XSS Validator from Nvisium is designed to solve this problem.

Bug Hunting for Penetration Testers Available Now

Hands-On Bug Hunting for Penetration Testers is now available. The book covers how to detect, validate, and write submission reports for XSS, SQLi and NoSQLi, XXE, CSRF, and other vulnerabilities, including sections on detecting hidden content, crowdsourcing code injection snippets and other malicious inputs, writing quality submission reports, and more. It uses Burp Suite as its principal tool and proxy, with Python (3.6.5) and Bash scripts thrown in to augment, extend, and automate different testing functions.

Pentest Proving Grounds

One of the most helpful tools for learning the fundamentals of penetration testing is the ability to test your analysis against deliberately vulnerable applications - sites and/or apps with consciously introduced flaws, catalogued for easy reference. Beyond being a great introductory exercise, testing against deliberately vulnerable apps can also be a great way to calibrate new scanners or automated reconnaissance methods. And in addition to the actual vulnerable endpoints within the applications themselves, many of them also feature their own guided tutorials explaining how to detect - and often mitigate - the vulnerabilities they contain.

Pre-order Hands-On Bug Hunting for Penetration Testers

Update: The book has since been released. See how to purchase it at handsonbughunting.com or use the Amazon link included in the article below.

This October I’ll be releasing my first book with Packt Publishing, Hands-On Bug Hunting for Penetration Testers. The book covers:

- Preparing for pentesting engagements
- Building an automated pentesting workflow
- Detecting and reporting OWASP’s Top 10 most common bugs
- Finding the best bug bounty programs
- Focusing on testing the right parts of a web application
- Formatting vulnerability reports to maximize your payouts
- Going further

If you have some experience with penetration testing, it’ll be a good introduction to public bug bounty programs, and if you’re just getting into security, it’s a great series of walkthroughs for getting up to speed - even if you have to search for the meaning of a term or two (or three).

The Top 5 Burp Suite Extensions

If you’re a freelance security researcher, chances are you’ve heard of — or use — Burp Suite, a program commonly considered the gold standard for penetration testing software. But if you’re only using the stock version, as great as it is, you’re missing out! Both the free and paid versions of Burp support helpful extensions that add extra functionality to the main client — whether it’s a separate (and free) scanner, an IP randomizer, or a plugin for validating XSS vulnerabilities.