Mike Lisi

2 posts published

SSH Socks Proxying and Burp

There's no question about it, PortSwigger's Burp Suite is the de-facto tool for testing web applications for security vulnerabilities. It's far from a "fire-and-f0rget" tool, which means that it take a lot of getting used to in order to make effective use of everything that the tool has to offer.

Know Your Role(s)!

Too often, I've started a web application penetration test with one set of user credentials, a target application URL and it's off to the races. Not long after starting the test, it becomes apparent that I'll need at least one more set of credentials in order to properly test all