
Hans Petrich

Hans Petrich is an avid programmer and researcher who draws on his knowledge and experience in web application frameworks and development to perform in-depth penetration tests and vulnerability assessments. Hans received numerous awards for his role in securing national infrastructure by leading the development of a vulnerability mitigation automation methodology for military and government systems. He has provided defense-in-depth security training to the cadets competing in the U.S. military's annual Cyber Defense eXercise (CDX) and has volunteered his penetration testing expertise for several collegiate-level cyber defense competitions; notably, he co-authored the scoring engine for the Pacific Rim Collegiate Cyber Defense Competition. Hans earned his MBA from the National Information Assurance Training and Education Center (NIATEC).

More by Hans Petrich

Penetration Testing as a Service (PTaaS)

Why You Should Consider a Source Code Assisted Penetration Test

Learn how to increase the value and results of your penetration testing with a source code assisted pentest.

Web Application Pentesting

CAPTCHAs Done Right?

CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) are an anti-automation control that is becoming increasingly important for protecting forms from automated submissions. However, having a CAPTCHA on your form does not mean you "did it right". Let's review the important parts of implementing a CAPTCHA.

Web Application Pentesting

Weaponizing self-xss

Maybe you're a web app pentester who gets frustrated with finding self-XSS on sites you test, or maybe you're a website owner who keeps rejecting self-XSS as a valid vulnerability. This post is intended to help both understand the risk involved in self-XSS and how it can be used against other users.

Web Application Pentesting

Insecurity Through Obscurity

In part 3 of this portal protections series, we walk through an "obscured" vulnerability we discovered that gave us super admin privileges in the application we were testing.

Web Application Pentesting

XSS Using Active Directory Automatic Provisioning

This blog answers the question: "Can we exploit the application in some way if we already have access to the Azure panel?"

Web Application Pentesting

Username Discovery

In a continuation of our portal protections series, we discuss some of the methods attackers can use to discover valid usernames on your applications.

Web Application Pentesting

Login Portal Security 101

When we think about attempts to discover web vulnerabilities, we like to think about attack surface. If you are looking for needles in haystacks, it helps to have access to all of the hay first.
