Travis McCormack
Simplifying Authorization Testing in Burp Part 2
Automation is our friend Naturally, we will utilize tools and manual techniques to assess any given application. However, leveraging...
Search
Travis McCormack
- Nov 22, 2021
- 3 min
Simplifying Authorization Testing in Burp Part 1
Capturing multiple sessions can be annoying As anyone who works on appsec can probably tell you authorization testing is fundamental, but...
849 views0 comments
Travis McCormack
- Nov 15, 2021
- 4 min
Finding a 0 Day Race Condition
The background Recently while performing an application penetration test for one of our clients we discovered a very serious arbitrary...
426 views0 comments
Travis McCormack
- Nov 8, 2021
- 2 min
When Input Reflections Attack
Defining the issue Everyone is familiar with reflected issues like XSS and HTML tampering, but what about when this isn't glaringly...
54 views0 comments
Travis McCormack
- Nov 1, 2021
- 3 min
User Enumeration Vulnerabilities
What do we mean by user enumeration? User enumeration is a simple class of vulnerability much like any other enumeration of data it means...
32 views0 comments
Travis McCormack
- Oct 25, 2021
- 5 min
Session Management Issues
Session Invalidation? Timeouts? Renewals? What exactly is session management? To start off we must define what session management...
30 views0 comments
Travis McCormack
- Oct 18, 2021
- 3 min
Information Disclosure Issues Explained
What Constitutes Information Disclosure? Information disclosure is a broad category of security flaws that appear at all severity levels....
37 views0 comments
Travis McCormack
- Oct 11, 2021
- 4 min
TLS Client Authentication While Testing Applications
So what is TLS Client Authentication? TLS client authentication is not a new concept by any means, it is simply rarely used in most web...
175 views0 comments
Travis McCormack
- Oct 4, 2021
- 3 min
Why Care About Unrestricted File Upload?
So Why Do Those Unrestricted File Uploads Matter? Unrestricted File Upload Simplified So first of all let's go ahead define an...
30 views0 comments
Travis McCormack
- Sep 27, 2021
- 4 min
Brute Force Attacks and Rate Limiting
So what are brute force attacks and how do we prevent them? Brute force guessing attacks are some of the most common web application...
54 views0 comments
Travis McCormack
- Sep 20, 2021
- 3 min
You really should fix those lows
Does your Team Neglect Low Severity Findings? The elephant in the room So we all know that our pentest reports come in with low severity...
57 views0 comments