by Alex Olsen | Jun 14, 2023 | Web Applications
Content discovery is often focused on finding files and folders. However, modern applications not longer conform to this hierarchical approach and specifically applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
by Alex Olsen | Jun 7, 2023 | Penetration Testing, Web Applications
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. In particular, we often see Base64, URL encoding, and HTML encoding used across many applications both as part of the application’s general functionality and...
by Alex Olsen | May 31, 2023 | Web Applications
Application Programming Interfaces (APIs) are at the heart of modern applications, enabling functionality, communication and acting as a bridge between different software components. A common issue that’s found though is Broken Function Level Authorization (BFLA), and...
by Alex Olsen | May 24, 2023 | Learning, Penetration Testing
What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer to watch than read then we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has on offer to help you decide what’s...
by Alex Olsen | May 17, 2023 | Web Applications
In the realm of secure authentication, two key elements often come to the fore: ID tokens and access tokens. Though these elements might seem similar, understanding their differences, common pitfalls, and best practices is crucial in ensuring the security of your...
