Maintaining Session States in .NET Apps With Burp

By Mike Saunders | September 21, 2018

During a recent web app test, I encountered a situation when I would be randomly logged out of the application when running sqlmap. I wasn’t manipulating any of the session […]

Capturing SQL Server User Hash with SQLi

By Mike Saunders | September 5, 2018

On a recent external web app pen test, I found a possible SQL injection vulnerability using the Burp Scanner. One of the tests triggered an A record lookup for the […]

Getting a Handle on Large Parameter Sets

By Mike Saunders | July 19, 2018

During a recent web app engagement, I wanted to run some of the Burp Scanner automated checks, but I was confronted with several issues. First, this particular application did not […]

Getting to the (Actual) Goal

By Mike Saunders | July 10, 2018

While certainly not a new topic, there has been plenty of discussion recently around the goals of pen testing. Many believe that getting DA is the be-all and end-all of […]
