Just a quick update to let everyone know that I’ll be teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13th through the Community SANS program. This is a fantastic 6 day class with lots of hands-on exercises, sharing of my real world web app testing experiences and a Capture […]
In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web based brute force attacks. First up are some techniques to use when conducting brute force attacks on websites
I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August. The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling! COURSE DETAILS: Security 542: Web App Penetration Testing
I’ll be presenting “Attacking and Defending Apple iOS Devices in the Enterprise” Monday, March 12 @ 10am. I’ve got a bunch of new content about iOS 5, iCloud and the latest attacks on these devices. This is the inaugural event for SANS and I’m proud to be part of it! More information can be found
Speaking at the SANS Mobile Device Security Summit Read More »
Sorry for the long delay on posting the slides from the presentation that myself, Josh Abraham and Kevin Johnson did at Black Hat USA and DEF CON 19. I’ve uploaded the slides from DEF CON to SlideShare (you can also download a copy there as well) and below are the links to the tools and
Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers Presentation Read More »
I recently wrote about some other Firefox plugins which allow you to manipulate and hack web pages. Looks like there is another set of tools called “ExploitMe” which allows for SQL Injection and XSS (Cross Site Scripting), and web service testing. From the article: “The ExploitMe tools — which are in currently in beta form
More Firefox application testing plugins: ExploitMe Read More »
I have been seeing lots of recent articles about using Firefox as a hacking tool. Basically, you can download extensions (ie: plugins) for use in Firefox to manipulate and hack web pages. I have listed some extensions that are worthwhile to use for web application testing: Tamper Data – This extension works a lot like
Turn Firefox into a Web Hacking Machine Read More »
