Publications | Pentest Reports

Pentest Reports

Please note all these reports were proudly published upon explicit request by the project maintainers, or the party that sponsored the penetration test in coordination with the project maintainer.

Pentest-Report SecureDrop Servers, Services, Supply Chain, Privacy & Threat Model Audit (OTF) 06.2024
Pentest-Report LitmusChaos Components & Threat Model Audit (OSTIF) 05.2024
Pentest-Report OpenTelemetry Collector & SDKs (OSTIF) 05.2024
Pentest-Report V2Ray Clients, Servers, Runtime & Supply Chain Audit (OTF) 03.2024
Pentest-Report CoverDrop Protocol, Mobile, Servers, AWS, K8s, Threat Model & Supply Chain Audit (OTF) 02.2024
Pentest-Report nvm CLI tools, Threat Model & Supply Chain Audit (OSTIF) 10.2023
Pentest-Report DEfO-2 OpenSSL HPKE PR & Fuzzing (OTF) 10.2023
Pentest-Report Opaque Fuzzing, Privacy, Supply Chain & Threat Model Audit (OTF) 10.2023
Pentest-Report Ground Truth Fuzzing, Cloud, Privacy, Supply Chain & Threat Model Audit (OTF) 09.2023

Tools

OWASP OWTF, an OWASP flagship project, was originally developed by 7ASecurity and is now maintained by a worldwide team of volunteers. Download, Contribute

Presentations

Coming soon: Sexy Mobile App Attacks by Example
Chinese Police and CloudPets (blog, slides, video1, interview, video2 soon)
Pwning Mobile Apps Without Root or Jailbreak (slides)
Smart Sheriff, Dumb Idea, the wild west of government assisted parenting (slides, video)
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services (slides, demo)
OWASP OWTF - Summer Storm - OWASP AppSec EU (slides, video)

Pentesting like a grandmaster (slides, interview)
VSA: The Virtual Scripted Attacker (slides)
Workshop: Introducing OWASP OWTF (slides)
Legal and efficient web app testing without permission (slides, video)
Offensive (Web, etc) Testing Framework: My gift for the community (slides)
Silent web app testing by example (slides)
Web app testing without attack traffic (slides)