From the category archives:

Web Application Penetration Testing

We blogged about fimap here.

“fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.”

This is the change [...]

You may be aware of our post regarding WFuzz. Consider WEBreak the better version of WFuzz. In fact, it comes from the same author.

WEBreak performs security audits on web applications. It has been programmed in Python. In fact, you can consider it to be a web interface to WFuzz. It has a RIA (Rich internet [...]

All of us know the dangers that arise out of Cross-Site Request Forgery (CSRF), also called a one-click attack or session riding. According to Wikipedia, this is its description: CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. CSRF [...]
