Where this came from – skip to the end for the challenge if you do not care 🙂 During the OWTF workshop at BSides Vienna the interaction with the audience was great. For the purpose of this blog post the conversation on embedding HTML input from an untrusted source developed as follows: – Olaf first asked …
BSides Vienna took place last Saturday (21/01/2012) and it was only 3 weeks away from BerlinSides (where I gave the same talk and the same workshop) so the materials I used where almost identical. I decided it was more important to release an OWTF “Vienna” version instead. However, to keep it simple for the attendants …
Background: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂 Dedicated with special love …
Background: The Offensive (Web, etc) Testing Framework (aka owtf) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org NOTE: I believe looking at the slides and demos prior to using this will help. WARNING: This tool unites many great tools and their power, please hack responsibly and always have permission. …
NOTE: I believe looking at the slides and demos before playing with the interactive report will help. NOTE 2: The report has been built for HTML 5 localstorage, your flags and notes will be kept even if you close the browser as long as you use Firefox >= 8 (there is a bug before then) …
Happy new year! I would like to take this opportunity to thank everybody that chose to attend my OWTF workshop despite it happening at the same time that probably one of the best talks at BerlinSides: “Layers of misunderstanding, or how digital radio is not what you think…” by Travis Goodspeed, which I unfortunately missed …
UPDATE: Just realised that slideshare made the fonts look funny, use the “Download” option at the top to see the presentation as a PDF properly. If you are interested you can now view and download the slides for “Silent web app testing by example” here. I would like to take this opportunity to thank the awesome …
I would like to use this opportunity to thank everybody that voted my lightning talk “Web app testing without attack traffic” as the “BruCon 2011 Lightning Talk winner”. I only had 5 minutes so I had to take out many things I wanted to cover, for this reason, I have significantly expanded this talk (106 slides …
I have decided to stop swearing when tools don’t work and fixing them or implementing my improvements and then send them to the tool author instead. The point is to give back to the community since after all the community gave it to me for free first :). As part of this initiative as I was …
NOTE: I also posted this to the BeEF Project Wiki here Some Backtrack 5 security tools need ruby 1.8 (i.e. whatweb) and others ruby 1.9.2 (i.e. BeEF). This script automates the switch. By setting the ruby environment to the correct ruby version we can run all tools. This script aims to make this small task …
