Showing posts from 2016

Released: IOS Surface Security Checker, CRL Revocation Checker

IOS Surface Security Checker - A very light scanner that replaces some features of MobSF framework
CRL Revocation Checker where other scanners fail - supports HTTP, SMTP at this moment, 2016-11


Updated with new cool online tools Web Security Testing Toolbox
A toolbox with a set of useful tools and links.
Tools: Reverse Tab Jacker (window.opener) WebGun, XSS Payload Creator Referer Check Bypasser Flash-based XSSer PHP Charset Encoder CAL9000 Encoder's JS Encoders
Hacker Web Search Aggregator
Referer XSS PoC (IE only)
XSS POST Forwarder (Usage:
CSRF POST Redirector (usage:&param1=value1&..)
JSBin - Test and share XSS Payload proof
JSFiddle - Test and share XSS Payload proof
Real-time HTML Editor
Real-time HTML Editor - Mirror
Gareth Heyes's masterpieces for web hackers
Google Chrome Browser Addons for Web App Hackers
Firefox Browser Addons Revisited for Web App Hackers
Tests: Cross Site Framing
Cross Site Request Forgery
Two-Stage CSRF Prompt Bypass Generat

Added Online POC Tool: Bypass Referrer Checker

Added Bypass Referrer Checker as part of

Hybrid Testing Guide - Report Generator (Portswigger + OWASP + WASC + a few others)

Updated our web security lab with Hybrid Testing Guide v201603 - Report Generator