Pentest Proving Grounds

One of the most helpful tools in learning the fundamentals of penetration testing is the ability to test your analysis against deliberately vulnerable applications - sites and/ »

Simple Automated Scanning With Arachni

Intro Note: This guide assumes you have access to a UNIX terminal like the ones found on macOS and Linux systems. Scanners have a tricky reputation. »

The Top 5 Burp Suite Extensions

If you're a freelance security researcher, chances are you've heard of — or use — Burp Suite, a program commonly considered the gold standard for penetration »

Building @BugHuntBot, an XSS Payload Twitterbot Inspired by Peter Kim

If XSS sounds like the racier cousin of CSS, check out this previous entry, which will walk you through the basics. If you're into web security »

Discovering XSS Vulnerabilities with Burp Intruder

XSS and Burp Intruder In a previous post I showed you how to detect XSS vulnerabilities the good old-fashioned way — by directly submitting a »

A Gentle Introduction to Cross-Site Scripting (XSS)

Freelance security research is a daunting subject for the uninitiated: Five-figure bounties, corporate lawsuits, and the ever-present threat of prison time combine to make it just »