A clear, practical walkthrough of the 7ASecurity audit process: threat-model driven scoping, a dedicated communication channel with interim findings, and free fix verification—so issues are fixed, not just reported.
OWASP Executive Director Andrew van der Stock interviews 7ASecurity CEO Abraham Aranguren on what “quality pentesting” really means: threat-model driven scoping, researcher-led testing, interim findings, and free fix verification.
7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …
Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂 OWTF …
Background: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp owtf WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂 Dedicated with special love …
Background: The Offensive (Web, etc) Testing Framework (aka owtf) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org NOTE: I believe looking at the slides and demos prior to using this will help. WARNING: This tool unites many great tools and their power, please hack responsibly and always have permission. …
NOTE: I believe looking at the slides and demos before playing with the interactive report will help. NOTE 2: The report has been built for HTML 5 localstorage, your flags and notes will be kept even if you close the browser as long as you use Firefox >= 8 (there is a bug before then) …
I have decided to stop swearing when tools don't work and fixing them or implementing my improvements and then send them to the tool author instead. The point is to give back to the community since after all the community gave it to me for free first :). As part of this initiative as I was …
A nice tool for SSL cipher testing is this Perl script: ssl-cipher-check.pl, however, in Backtrack and also on other distros you may get this error the first time you run it: ssl-cipher-check.pl -vw my.exampledomain.com 443 ... ERROR: Unable to find /usr/bin/gnutls-cli-debug. Please install the gnutls-devel package To avoid that simply install the missing package as …
When Testing for HTTP Methods and XST a common vulnerability to find is XST. When you manually verify that this vulnerability is truly present (i.e. not a tool false positive) you can use tools like netcat but sometimes the web server is using SSL and netcat will not work straightaway. You can get around this …
