Search • Page 3/4

43 results for "SQL injection"

Milestones

Year in review: 2021 on Pentest-Tools.com

Security is the gift that keeps on giving and never have we felt it like we did this year.

Author(s)

Andra Zaharia

Published at: 28 Dec 2021

How we detect Log4Shell on Pentest-Tools.com

Security research

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Author(s)

Adrian Furtuna

Published at: 17 Dec 2021

Platform updates

November updates for powerful workflows, including detection for Log4Shell

Giving you the tools you need right now to speed up detection and reporting is always our top priority. Especially when your work is essential to effectively prioritize remediation. So, with every monthly update, we strive to do just that.

Author(s)

Ioana Rijnetu

Published at: 16 Dec 2021

Platform updates

Detect & exploit the latest CVEs + more automation updates

“Great and getting even better” is what we commit to with each monthly update we roll out on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 05 Oct 2021

Platform updates

Detect critical CVEs, scan stats + more updates

If you’ve had an intense summer, that makes two of us. We worked hard to roll out new and helpful updates, so let’s break them down:

Author(s)

Ioana Rijnetu

Published at: 14 Sep 2021

Read the article titled Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

Milestones

Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

At Pentest-Tools.com, we use our managed pentesting services to learn from our customers and listen to them. Every one of us works hard to understand what users need and why, feeding that knowledge into the platform while we continue to learn and grow as individuals and as a team. That’s why we eat our own dog food and we always practice what we preach.

Author(s)

Ioana Rijnetu

Published at: 03 Sep 2021

Hacking tutorials

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Author(s)

Cristian Cornea

Published at: 07 Apr 2021

Hacking tutorials

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Author(s)

Daniel Bechenea

Published at: 31 Mar 2021

Hacking tutorials

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Author(s)

Cristian Cornea

Published at: 19 Mar 2021

Milestones

Why Pentest Robots are rocket fuel for pentesters, not their replacement

Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?

Author(s)

Andra Zaharia

Published at: 10 Dec 2020

Security research

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)