Information Security
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However,...
Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users’ installations to keep...
hsecscan A security scanner for HTTP response headers. Installation Requirement: Python 2.x Usage Example Copyright (C) 2015 riramar Source: https://github.com/riramar/
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
BruteXSS is a tool written in python simply to find XSS vulnerabilities in the web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI...
A file upload point is an excellent opportunity to execute XSS applications. Many sites have user rights to upload personal data pictures of the upload point, you have a lot of opportunities to find...
WATABO is a security tool for testing web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits. Most important features: WATOBO has Session Management capabilities! You can...
What is a local file inclusion (LFI) vulnerability? LFI allows an attacker to include a file on a server through a browser. When a Web application does not properly filter the input data, there...
Cross-site scripting (XSS) is a common vulnerability in Web vulnerability analysis. In many cases, it was easy to enter without filtering easily, but most of the services analyzed had strong filtering. However, there are...
Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed...
Suggested Reading