Automating Authorization Testing: AuthMatrix – Part 2
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
app penetration testing
Server-Side Request Forgery Attack & Fix
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Automating Authorization Testing: AuthMatrix – Part 1
This White Oak series covers what is authorization testing & AuthMatrix’s basic setup of roles, users, & requests for a simple application that only uses cookies.
Insecure Password Reset
Brett uncovers an insecure password reset during a pentest, this post will go through the password reset functionality, what went wrong, & how to fix this issue.