Breaking down the 5 most common SQL injection threats
In this ongoing battle, organizations and offensive security pros grapple with many questions: Why do these attacks persist? What are the most prevalent types of SQL injection attacks? And, most importantly, how do we prevent them effectively? You’ll get answers to these burning questions (and more!) in this practical guide.
Author(s): Satyam Singh, Kelyan Yesil
Published at 01 Sep 2023. Updated at 07 Sep 2023.

How to detect injection flaws with Pentest-Tools.com
Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.
Author(s): Cristian Cornea
Published at 19 Mar 2021. Updated at 09 Jun 2023.

Exploiting SQL Injection in Magento Using Sqlmap
In this article we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well known SQLMap tool.
Author(s): Alexandru Postolache
Published at 14 Jun 2019. Updated at 07 Jul 2022.

Securing Your Laravel Application: A Comprehensive Guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
Author(s): Cosmin Coman
Published at 11 Apr 2023. Updated at 22 Aug 2023.

Exploiting OGNL Injection in Apache Struts
Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.
Author(s): Ionuț Popescu
Published at 14 Mar 2019. Updated at 05 May 2023.

[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools
Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.
Author(s): Ioana Rijnetu
Published at 25 Jul 2019. Updated at 18 Jul 2023.

Log4J - why some CVEs (almost) never disappear
Unless you’ve been on a sabbatical for the past year, you probably know how a critical vulnerability known as Log4shell took over the world.
Author(s): Kelyan Yesil
Published at 07 Apr 2023. Updated at 12 Jul 2023.

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com
Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.
Author(s): Adrian Furtuna
Published at 24 May 2019. Updated at 09 Jun 2023.

10 Practical scenarios for XSS attacks
Let’s delve into these 10 practical attack scenarios with actionable examples that highlight the real risk of cross-site scripting (XSS) vulnerabilities.
Author(s): Satyam Singh, Iulian Birlica
Published at 07 Jul 2023. Updated at 24 Aug 2023.

How to do a full website vulnerability assessment with Pentest-Tools.com
As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!
Author(s): Daniel Bechenea
Published at 31 Mar 2021. Updated at 11 May 2023.

Year in review: 2021 on Pentest-Tools.com
Security is the gift that keeps on giving and never have we felt it like we did this year.
Author(s): Andra Zaharia
Published at 28 Dec 2021. Updated at 17 Jul 2023.

Customized white label, website scanner improvements & other platform updates
Here are 7 platform improvements we deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting toolbox.
Author(s): Ioana Rijnetu
Published at 20 Aug 2019. Updated at 07 Jul 2022.