Web Application Pentesting
Results: 66 Posts
Technical | Web Application Pentesting
Walking Through an Attack Path with ForceHound
Technical | Web Application Pentesting
Auditing Salesforce Permission Hierarchies with ForceHound
Executive | Web Application Pentesting
Vibe Coding: A Pentester’s Dream
Executive | Web Application Pentesting
Assessing the True Business Impact of a Malicious Connected App
Technical | Web Application Pentesting
Getting Shells at Terminal Velocity with Wopper
Technical | Red Teaming
CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
Technical | Web Application Pentesting
A Not So Comprehensive Guide to Securing Your Salesforce Organization
Technical | Web Application Pentesting
Exploiting Second Order SQL Injection with Stored Procedures
Technical | Web Application Pentesting
From Informational to Critical: Chaining & Elevating Web Vulnerabilities
Technical | Web Application Pentesting
CVE-2024-37888 – CKEditor 4 Open Link plugin XSS
Technical | Web Application Pentesting
Prototype Pollution: A Deep-Dive
Technical | Web Application Pentesting
Why TOTP Won’t Cut It (And What to Consider Instead)
Technical | Web Application Pentesting
Exploiting XPath Injection Weaknesses
Technical | Web Application Pentesting
Macros Demystified
Technical | Web Application Pentesting
Introduction to Smart Contract Security and Decentralized Web Applications
Technical | Web Application Pentesting
Burp Suite Extension: AWS Signer 2.0 Release
Technical | Web Application Pentesting
Azure SAS Tokens for Web Application Penetration Testers
Technical | Web Application Pentesting
Escape NodeJS Sandboxes
Technical | Web Application Pentesting
XXE in IBM's MaaS360 Platform
Technical | Web Application Pentesting
Introducing Burp Extractor
Technical | Web Application Pentesting
Attacking Application Specific SQL Server Instances
Technical | Web Application Pentesting
Jira Information Gathering
Technical | Web Application Pentesting
CAPTCHAs Done Right?
Technical | Web Application Pentesting
Weaponizing self-xss
Technical | Web Application Pentesting
Insecurity Through Obscurity
Technical | Web Application Pentesting
NetSPI SQL Injection Wiki
Technical | Web Application Pentesting
DNS Tunneling with Burp Collaborator
Technical | Web Application Pentesting
XSS Using Active Directory Automatic Provisioning
Technical | Web Application Pentesting
Anonymous SQL Execution in Oracle Advanced Support
Technical | Web Application Pentesting
Application Self Protection – A New Addition to the OWASP Top 10
Technical | Web Application Pentesting
Beautifying JSON in Burp
Technical | Web Application Pentesting
SQL Injection to Help You Sleep at Night
Technical | Web Application Pentesting
Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them
Technical | Web Application Pentesting
Defeating CSRF Protections Through Expired cross-domain.xml Domains
Technical | Web Application Pentesting
Attacking JavaScript Web Service Proxies with Burp
Technical | Web Application Pentesting
Username Discovery
Technical | Web Application Pentesting
Login Portal Security 101
Technical | Web Application Pentesting
Java Deserialization Attacks with Burp
Technical | Web Application Pentesting
Directory Traversal, File Inclusion, and The Proc File System
Technical | Web Application Pentesting
Hashdump without the DC using DCSync (because we all wanted it)
Technical | Web Application Pentesting
Exploiting MS15-076 (CVE-2015-2370)
Technical | Web Application Pentesting
Tearing Apart a Datto Device
Technical | Web Application Pentesting
Debugging Burp Extensions
Technical | Web Application Pentesting
Forcing XXE Reflection through Server Error Messages
Technical | Web Application Pentesting
Playing with Content-Type – XXE on JSON Endpoints
Technical | Web Application Pentesting
Decrypting WebLogic Passwords
Technical | Web Application Pentesting
ActiveX + XSS = ActiveXSS Pwnage!
Technical | Web Application Pentesting
Advisory: XXE Injection in Oracle Database (CVE-2014-6577)
Technical | Web Application Pentesting
Advisory: Oracle Forms 10g Unauthenticated Remote Code Execution (CVE-2014-4278)
Technical | Web Application Pentesting
The Illusion of Security
Technical | Web Application Pentesting
Java Obfuscation Tutorial with Zelix Klassmaster
Technical | Web Application Pentesting
Magic Bytes – Identifying Common File Formats at a Glance
Technical | Web Application Pentesting
Great, you use CA SiteMinder, but you broke it!
Technical | Web Application Pentesting
Covert Exfil from a Target Network
Technical | Web Application Pentesting
Backdooring Office Documents
Technical | Web Application Pentesting
Hacking Web Services with Burp
Technical | Web Application Pentesting
Tool release: AMF Deserialize Burp Plugin
Technical | Web Application Pentesting
OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering
Technical | Web Application Pentesting
Thoughts on Web Application Firewalls
Technical | Web Application Pentesting
Web Application Testing: What is the right amount?
Technical | Web Application Pentesting
SQL Injection: Death by Blacklist
Technical | Web Application Pentesting
Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
Technical | Web Application Pentesting
Presenting at OWASP AppSec Conference
Technical | Web Application Pentesting
Are You Testing Your Web Application for Vulnerabilities?
Technical | Web Application Pentesting
Do Not Use the Back Door!
Technical | Web Application Pentesting