GraphQL APIs & Enumeration Basics
This blog post serves as an introduction to GraphQL. We will shine light on how the query language functions and some basic security considerations, as well as tools and techniques […]
Burp Suite
Find What Sparks Joy In Your Burp Suite Proxy History With Subtractive Scoping
Improving Quality-Of-Life With Simple Burp Suite Extensions (Part Two) The “right tool for the job” isn’t always the perfect tool for the job, and if you have been using Burp […]
New Burp Suite Extension Blows Your SOCKS Off
Improving Quality-Of-Life With Simple Burp Suite Extensions (Part One) If you have been using Burp Suite for a while, you probably have some ideas for small features or tweaks to […]
Nuclei Plugin & Burp Suite – Template Creation Guide
What Is Nuclei? Nuclei is a powerful open-source vulnerability scanner written in Golang. Aside from its excellent performance, it is a highly customizable tool due to its integration with YAML […]
Burp Suite Macros – Reshaper Guide
Burp Suite Macros If you’ve performed web application pentests with Burp Suite for a while, you’ve certainly come across applications that don’t play nicely with Burp Suite’s out-of-the-box scanning. Perhaps […]
GraphQL Batching Attacks: Turbo Intruder
Exploiting GraphQL Batching Attacks Using Turbo Intruder What Are Batching Attacks In GraphQL? GraphQL allows for multiple queries to be sent to the server in one single request in order […]
5 Useful & Free Burp Suite Plugins
At White Oak Security, we do a variety of engagement types. Previously, we’ve written several posts on some of the tools we use, including Burp Suite. To take full advantage […]
Automating Authorization Testing: AuthMatrix – Part 1
This White Oak series covers what is authorization testing & AuthMatrix’s basic setup of roles, users, & requests for a simple application that only uses cookies.
Web App Pentesting With Burp Suite Scan Profiles
What separates a tool from a tester? Read White Oak Security’s blog about pentesting web apps efficiently through Burp Suite Config Library with scan profiles.