Adam Wilson

1 day ago

Hostname Reconnaissance with Scrapy and the crt.sh Certificate Transparency Tool

For AppSec professionals, visibility into an entire application ecosystem is essential. You may need to take inventory of apps you’re responsible to defend. You may need to discover the full attack surface for an app penetration test. …

Certificate Transparency

5 min read

2 days ago

Web App Security Testing for Error Log Denial-of-Service Attacks with bash, Python and Burp

When following the WSTG-CONF-02: Test Application Platform Configuration section of the OWASP Web App Security Testing Guide, a key recommendation is to ensure that an app’s logging mechanism does not introduce a Denial-of-Service condition. …

Web App Pentesting

5 min read


3 days ago

How to Proxy IIS Express Traffic with Burp in Linux Guest VM (VMware)

I previously wrote about setting up a VirtualBox guest VM to allow Burp to proxy the HTTP traffic running in IIS Express for a .NET Framework app on the host. This article shows how to do the same in VMware Workstation Pro. Allow External Requests to the Web App Running on the Host’s IIS Express This part is no different than the VirtualBox…

Vmware Workstation

2 min read


3 days ago

Proxy IIS Express Traffic with Burp in Linux Guest VM (VirtualBox)

As a Web app penetration tester, you’ll sometimes need to assess the security posture of .NET Framework web apps. In a crystal-box assessment, you may have the opportunity to run the application locally in IIS Express. Of course, .NET Framework apps won’t run on your Linux guest. While it’s arguably…

Appsec

2 min read
