
Burp Suite Cheatsheet

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you're likely to use.

The post Burp Suite Cheatsheet appeared first on Black Hills Information Security, Inc.

Webcast: Hack for Show, Report For Dough: Part 2

At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration testers get paid for their reports. For their […]


Webcast: Uncovering Secrets and Simplifying Your Life with CyberChef

Information takes many forms. Some of these forms are easy to understand and others less so. Some are hardly even recognizable. How do you know when you’ve found something interesting? […]


Webcast: Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests

I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. You don’t need a big […]


Your Reporting Matters: How to Improve Pen Test Reporting

Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June 2019. The fun part of pentesting is […]


How to Find an InfoSec Mentor

BB King // We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a […]


WEBCAST: Web App Assessments for Non-Majors

BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]


When Infosec and Weed Collide: Handling Administrative Actions Safely

BB King // The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]


Towards a Quieter Firefox

Brian King // On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burp Suite Proxy History from connections that Firefox […]


Certificate Transparency Means What, Again?

Brian King // News from Google this week says that Chrome will start enforcing Certificate Transparency a year from now. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw This means that when Chrome contacts a website, if […]


Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”

Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]


Three Minutes with the HTTP TRACE Method

Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker […]
