Introducing Burp Correlator!
This one is for you web penetration testers! This new Burp extension is designed to help with ...
Continue Reading
Practical Pentest Advice from PCI
The PCI Security Standards Council released a Penetration Testing Guidance information supplement ...
Continue Reading
Tip: Running BurpSuite on a Mac
Here’s a quick tip I use to save some time when spinning up Burp Suite on a Mac. I use Burp Suite ...
Continue Reading
Don't Forget the Little Things!
On January 31st, Deusen disclosed what was described as a Same Origin Policy Bypass flaw called ...
Continue Reading
CarolinaCon 11 Slides for Anatomy of Web Client Attack
For those who have asked – my slide deck for Anatomy of Web Client Attacks can be downloaded here. ...
Continue Reading
Adventures in LDAP Injection: Exploiting and Fixing
Every pen tester looks forward to that next encounter that includes one of those uncommon ...
Continue Reading
Burp CO2 now sports some Laudanum Scripts!
There have been a number of updates to the Burp CO2 extension suite over the past couple of months ...
Continue Reading
CORS Global Policy
I recently noticed an uptake on Cross-Origin Resource Sharing (CORS) findings showing up in ...
Continue Reading
Decoding Security Jargon
If you pick up just about any security textbook it will begin by describing security using terms ...
Continue Reading
Burp Co2 Update v0.5 adds a Name Mangler module!
I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 ...
Continue Reading
Are we a Target?
2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the ...
Continue Reading