JWT - Reinventing Sessions

JWT advantages and disadvantages with an emphasis on security implementations.…

Burp Suite 2.0 - Quick Review

Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including a new crawler, able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.…

RequestBin Setup to Demonstrate Open-Redirect

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input.…

Learning to Pop XSS with Docx Files

Utilizing an unrestricted file upload vulnerability with Microsoft Docx files to exploit web applications with Cross-Site Scripting (XSS).…

Aircrack Suite

Since I wrote a blog post recently on how to capture a WPA/WPA2 handshake using the WiFi Pineapple Nano I thought it would be interesting to take a peek under the hood, and see how the SiteSurvey module on the Pineapple achieved this. Disclaimer: Any actions and or activities…