Auto Web Application Penetration Testing: Intelligence Gathering
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains...
Tagged: XSS
How to Prevent Cross-Site Scripting (XSS) Attacks
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal...
Finding and exploiting Cross-site request forgery (CSRF)
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of...
jsprime: a javascript static security analysis tool for finding DOM-XSS
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a...
Penetration Testing in the Real World
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it...
Vane: open source WordPress Vulnerability Scanning
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress...
Nikto v2.5 releases – WebAPP Penetration Testing Tool
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of...
DSXS: Damn Small XSS Scanner
Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings, it...
DSJS: JavaScript library vulnerability scanner
Damn Small JS Scanner (DSJS) is a fully functional JavaScript library vulnerability scanner written in under 100 lines of code. It has to be noted that it is a derivative...
Cross Site Request Forgery [CSRF-XSRF] Vulnerability
Cross-site request forgery [CSRF], also known as one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website...
