Filter Sandboxing and Fuzzing: A Web App Testing Technique
My NYMISSA presentation on web app static code analysis and testing techniques received good reviews. The aspect of the presentation that received the most comments from the other web app pen test...
Malformed HTML & XSS Character Filtering: A Few Lessons
On a recent web app pen test I ran into the following issue: the application would escape (that is, add backslashes) before single and double quotes but not filter other characters. Upon review of the...