Web App

Red Team, Web App Direct Object References, HIPAA, HIPAA violations, user profiles, XKCD

Let’s Talk About Direct Object References

Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]

Read the entire post here

Red Team, Web App Asp .Net cookliness session, Burp, Pentesting

Pentesting ASP.NET Cookieless Sessions with Burp

Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]

Read the entire post here

Author, David Fletcher, Red Team, Red Team Tools, Web App Automated Testing, Burp Macros

Using Simple Burp Macros to Automate Testing

David Fletcher // Recently, while assessing a web application I noticed content on one of the pages that appeared to be derived from sensitive information stored within the site’s user […]

Read the entire post here

Red Team, Web App Info2Ouch, Nessus, Vulnerabilities

Service Detection – Tomcat Manager, From “Info” to “Ouch”

Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” […]

Read the entire post here

1 2 3 4