As you may know, OWASP OWTF took part in the GSoC 2013. It was somewhat surprising (also to me) that OWTF got 4 slots, the same as ZAP (an OWASP flagship project I have a lot of respect for) and OWASP as an organisation in 2012. Instead of writing a blog post about my personal …
As a wrapper tool that depends on many tools, the migration from Backtrack to Kali Linux has been a bit of a challenge for the OWTF development team: Many tools were removed, all tools and dictionaries changed their locations, some tools were not working anymore, other tools had to be replaced by better ones and coordinating GSoC …
If you have an owasp.org account, are familiar with python and would be willing to mentor some students OWASP OWTF needs you 🙂 5 students that applied to work on the Google Summer of Code 2013 for OWASP OWTF made it to the top 11 and OWASP got 11 slots this year. However, I cannot mentor …
Pentesting like a Grandmaster materials – BSides London 2013 UPDATE: 2013-07-28 – Added link to BSides London talk interview NOTE: Will update the post as soon as video is available only slides and demos for now 🙂 BSides London 2013 was a blast as previous years, I received a lot of good feedback during the …
UPDATE: This probably only affects the VMWare image, you will know if it also affects the Kali install if your hashes match my sample hashes below. So the fine folks at offensive security released this new distro called “Kali Linux” recently, which is essentially: Replacing Backtrack Based on Debian (instead of Ubuntu) One of the …
Illusionism is just another form of Social Engineering (SE): The magician attempts to draw attention away from the trick to create an illusion of making the impossible possible. During the weekend I saw three fun tricks by Steven Fryne (aka Dynamo), the first one (walking on water) additionally shows the power of the media as …
At Brucon 2012 I had the privilege to present and demo VSA, the Virtual Scripted Attacker, a tool I had been working on with a great team of very talented people for a number of months. The talk was only 5 minutes long (a Lightning talk) so the presentation is brief. VSA is the first …
UPDATE: April 2nd – Added new pinning article thanks @an_animal! UPDATE: Feb 14th – Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources! Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for Web Applications to involve a Mobile Application component. …
An interesting tool for Java source code analysis is OWASP LAPSE Plus. You can see the instructions to set it up on the project’s page or Click to explore. OWASP LAPSE Plus requires Eclipse Helios and a number of people who know more than me at stack overflow suggest that you should not install eclipse …
Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium: – The slides are now online in slideshare – The demos, code and slides PDF can be downloaded from either of these: The OWTF Project Github page The BruCon …
