Why Test an Administrative Application Account?

A question that often arises when considering what authenticated roles to include for application security/penetration testing is whether administrative roles should be included. After all, should it not be assumed that an attacker with an administrative role could do major damage to the application and its stakeholders regardless of vulnerabilities that might be present? Of …

Why Test an Administrative Application Account? Read More »

Preparing a Mobile Application for Security Testing

Security testing comes in many forms. For our purposes, we will consider manually-driven, black-box testing that aims to identify the maximal set of vulnerabilities that can be identified within an application. Terminology can be contentious, but this is widely referred to as an application penetration test, which includes an attempt to exploit identified vulnerabilities, demonstrating …

Preparing a Mobile Application for Security Testing Read More »

Getting Started in Web Application Penetration Testing

As the complexity and diversity of our connected systems expand, the need for specialized offensive security skills is increasing. In particular, specialization in application security has been forecast to drive the growth in penetration testing services. Combined with the allure that comes with breaking into systems as a career, it’s no surprise there are many …

Getting Started in Web Application Penetration Testing Read More »

Pentesting Silverlight in 2021

Performing some Silverlight penetration testing? I’m sorry for your luck. If you’re like me, you’ve invested some time into investigating just which tools and techniques are currently available and functioning. If not, I hope to save you some time by describing my approach. Of course, it should go without saying that your client/developers should be …

Pentesting Silverlight in 2021 Read More »