OWASP Testing Guide Archives - 7ASecurity Blog https://7asecurity.com/blog/ Helping you secure apps and websites Mon, 07 Apr 2025 11:54:34 +0000

7ASecurity Completes Bridgefy Audit https://7asecurity.com/blog/2023/07/bridgefy-audit/ Mon, 31 Jul 2023 11:04:27 +0000 7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …

The post 7ASecurity Completes Bridgefy Audit appeared first on 7ASecurity Blog.

OWTF 0.12 “Wicky” released! https://7asecurity.com/blog/2012/02/owtf-012-wicky-released/ Thu, 09 Feb 2012 23:11:00 +0000 Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂   OWTF …

OWTF 0.11 “Vienna” released! https://7asecurity.com/blog/2012/01/owtf-011-vienna-released/ Thu, 19 Jan 2012 06:49:00 +0000 Background: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp owtf WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂 Dedicated with special love …

OWTF 0.10 “Berlin” released! https://7asecurity.com/blog/2012/01/owtf-010-berlin-released/ Fri, 06 Jan 2012 09:10:00 +0000 Background: The Offensive (Web, etc) Testing Framework (aka owtf) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org NOTE: I believe looking at the slides and demos prior to using this will help. WARNING: This tool unites many great tools and their power, please hack responsibly and always have permission. …

owtf 0.10 “Berlin” 1 URL sample report and update https://7asecurity.com/blog/2012/01/owtf-010-berlin-1-url-sample-report-and/ Tue, 03 Jan 2012 09:22:00 +0000 NOTE: I believe looking at the slides and demos before playing with the interactive report will help. NOTE 2: The report has been built for HTML 5 localstorage, your flags and notes will be kept even if you close the browser as long as you use Firefox >= 8 (there is a bug before then) …

Test your SSL: TLSSLed v1.2 released! https://7asecurity.com/blog/2011/10/test-your-ssl-tlssled-v12-released/ Wed, 19 Oct 2011 21:12:00 +0000 I have decided to stop swearing when tools don’t work and fixing them or implementing my improvements and then send them to the tool author instead. The point is to give back to the community since after all the community gave it to me for free first :). As part of this initiative as I was …

Testing for SSL-TLS (OWASP-CM-001) https://7asecurity.com/blog/2011/07/testing-for-ssl-tls-owasp-cm-001/ Sat, 16 Jul 2011 01:17:00 +0000 A nice tool for SSL cipher testing is this Perl script: ssl-cipher-check.pl, however, in Backtrack and also on other distros you may get this error the first time you run it: ssl-cipher-check.pl -vw my.exampledomain.com 443 … ERROR: Unable to find /usr/bin/gnutls-cli-debug. Please install the gnutls-devel package To avoid that simply install the missing package as …

Testing for HTTP Methods and XST (OWASP-CM-008) https://7asecurity.com/blog/2011/07/testing-for-http-methods-and-xst-owasp/ Sat, 02 Jul 2011 00:36:00 +0000 When Testing for HTTP Methods and XST a common vulnerability to find is XST. When you manually verify that this vulnerability is truly present (i.e. not a tool false positive) you can use tools like netcat but sometimes the web server is using SSL and netcat will not work straightaway. You can get around this …
