Channel: Prowareness Developer's Blog » Security

Devouring Security: OWASP ZAP – Successfully Ajax Spidering a website with Authentication (Northwind Products Management)

OWASP ZAP – Successfully Ajax Spidering a website with Authentication (Northwind Products Management). 0. Make sure you are proxying via ZAP (I love FoxyProxy). 1. Identify the session cookie. 1.1...


Devouring Security: Insufficient Data Validation Risk – Cross Site Scripting...

Devouring Security: Insufficient data validation risks – Cross Site Scripting, from gmaran23. Agenda: Risk, Stories & the news · XSS Anatomy · ...


Plug-n-Hack and OWASP ZAP: manually changed proxy settings after initial pnh...

Plug-n-Hack introduces and proposes new standards for integrating security tools with browsers, enabling communication between them. OWASP ZAP has inbuilt support for Plug-n-Hack (pnh), which allows...

OWASP ZAP: Workaround – HTML Report from APIs daemon mode

OK, maybe the title is a bit misleading. The post below shows you a few workarounds that you can use to generate (or mimic) an HTML report when running OWASP ZAP automated in a headless...

Leveraging Open Source for Continuous Application Security at Agile...

This post is an abstract of my submission to nullcon 2015. With more and more web applications enabling us to converse, communicate, conspire, collaborate, contribute, capture, compute, credit,...


Let your IIS worker process crash with StackOverflowException

There was a login page that did some sort of authorization check beyond authenticating the user, and displayed an Access Denied page for those who weren’t lucky enough. This was all done by the...

Devouring Security: Sslstrip and arpspoofing for credential harvesting

You may think you are connecting to a website over SSL, but did you forget to check for https in the address bar? http://www.thoughtcrime.org/software/sslstrip/ Victim – Windows 7 –...

Devouring Security: Sqlmap for login protected sites and JSON data

sqlmap http://sqlmap.org/ How do I test a login-protected website with sqlmap? Use the --cookie parameter, or capture the request and pass it on with the -r parameter, or use...


Event Viewer – Filtering user events for forensics and audits

Skip the story. Let’s say you are tracking down some user, or trying to find users that logged in to a common Windows workstation within a given timeline. Sounds downright easy with Event Viewer, right? Create a...


Secure your application from Cross-Site Request Forgery (CSRF)

The intention of this post is to show how to dynamically append an anti-forgery token to all your POST requests in your application without explicitly adding it to every form. The implementation will be focused...
