Hunting for SSRF Bugs in PDF Generators
If you’ve been on a website and noticed one of the following features, there’s a good chance you’ve stumbled upon a hot spot for server-side request forgery (SSRF) bugs: Before […]
Web App
Hit the Ground Running with Prototype Pollution
Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]
Gowitness, a Tester’s Time Saver
Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]
How to Build a Pentest Robot With Selenium IDE
Have you ever been on a pentest and thought to yourself, “I wish I had a robot to do this testing for me right now cuz this is just too much work”?
PNPT: Certification Review
Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]
Forward into 2023: Browser and O/S Security Features
Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]
Lessons Learned While Pentesting GraphQL
Sean Verity // GraphQL is one of those technologies that I heard about several years ago but had not encountered during an actual pentest. After reading a blog or two, […]
For Web Content Discovery, Who You Gonna Call? Gobuster!
Melissa Bruno // One of the best early steps to take when testing a network, especially a large one, is to run the tool EyeWitness to gain a quick understanding […]
Web App Pen Testing in an Angular Context
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our […]