Backslash Powered Scanning: Implementing Human Intuition

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures – almost like an anti-virus. In November I released an open-source scanner that takes an alternative approach, capable of finding and confirming both known and unknown classes of injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many associated benefits including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.


Advanced Web Security Testing with Burp Pro

This training is designed for Web penetration testers familiar with the Burp Suite Pro auditing tool. Based on the Mastering Burp Suite Pro – 100% hands-on class, this session is expected to go much faster, while covering most problems faced in everyday engagements and significantly enhancing your automation skills. The numerous elaborately designed challenges will guide trainees during these 2 days of intense-but-fun Burp Suite Pro practice.