All Stories

How to crawl web.xml with Ruby to discover servlet URLs for a pentest

Something very boring that happens in a web application penetration test is reaching URLs that are not referenced in other pages.

Tales from a login page: exploit the form

Last time we introduced the login form as seen from the attacker's perspective.

Tales from a login page: intro

During 2013 a lot of websites were defaced. Attackers mostly use pages vulnerable to SQL injection to steal data, execute arbitrary commands or do some nasty things common people can't understand...

Create a quick and dirty web crawler with Ruby

A couple of days ago, I was starting a new security activity on a website I had never seen before. If you remember last year's post, the first task is...

How to quote a code review

A premise: I don't trust Gantt charts and fancy IT project managers' documents where every project step fits in a perfect order without dealing with the unpredictable.

When the vulnerability is not the vulnerability itself

In an ideal world, all projects have good management. Projects need strong decisions and a clear plan that enable people to build something; this is true for a bridge,...