Category Archives: web security

Burp suite tip / tutorial: renaming tabs

This will be a quick and simple tip that you may not have been aware of, you can rename tabs within Burp. A friend of mine who works out of Raleigh turned me onto this. I find new sometimes obvious and hidden features in Burp all the time and this is one of them.
I find […]

Burp suite tutorial / tip: determining cookie functionality

When testing web applications you may come across an application that passes a ton of cookies along with each request. Cookies are used to maintain state within the application and typically only one cookie is needed within the application. There are times when other cookies are used as well and when testing web applications it […]

Burp suite tutorial / tip: using intercept to locate automated scanner findings

So the problem I have in my job and maybe others do as well is that when assessing a web application for vulnerabilities you want to throw automated tools at it first to get the low hanging fruit. So you get the results back and you have some good findings but you’re not exactly sure […]

Firefox add-ons for web app assessments

These add-ons are mainly related to web application security, you see these types of list related to firefox add-ons but these are the ones that I think are the most helpful. Firefox has a nice category called web application security penetration testing that has a lot of the plugins I’ll mention.  Not all plugins in […]

How to write a web app worm

When I say web app worm I mean a web site specific worm such as twitter. Twitter has been picked on (they should be because it’s a meaningless app) when it comes to web app worms so why stop now. There are other types of worms that could include web servers and databases but that […]