All Stories

Now I'm on blogloving

Even security and technical blogs needs some advertise in order to get more traction. That’s why now you can follow my blog with Bloglovin

Howto crawl web.xml with ruby to discover servlet urls for a pentest

Something very boring happening in a web application penetration test is to reach out URLs that are not referenced in other pages.

Tales from a login page: exploit the form

Last time we introduced the login form as seen on the attacker perspective.

Tales from a login page: intro

During 2013 a lot of websites were defaced. Attackers mostly use SQL injection vulnerable pages to steal data, execute arbitrary commands or make some nasty things common people can’t understand...

Create a quick and dirty web crawler with ruby

A couple of days ago, I was starting a new security activity over a website I never saw before. If you remember a last year post, the first task is...

How to quote a code review

A premise: I don’t trust gantt and fancy IT project managers’ document where every project step fits in a perfect order without dealing with the unpredictable.