Automating Authorization Testing: AuthMatrix – Part 2
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
web app pentesting
Automating Authorization Testing: AuthMatrix – Part 1
This White Oak series covers what is authorization testing & AuthMatrix’s basic setup of roles, users, & requests for a simple application that only uses cookies.
Unauthenticated: XXE Edition
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
Invisible Data in Web App Pentesting – Don’t Believe Everything You See
Don’t believe everything you see! Invisible or hidden data in web application pentesting could be revealing details like SSNs, like in this example by White Oak.