Hans Petrich
More by Hans Petrich
Why You Should Consider a Source Code Assisted Penetration Test
September 14, 2021
Learn how to increase the value and results of your penetration testing with a source code assisted pentest.
CAPTCHAs Done Right?
March 9, 2018
CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are an anti-automation control that is becoming more and more important in protecting forms from automated submissions. However, just because you have a CAPTCHA on your form does not mean that you “did it right”. Let’s review some of the important parts of implementing a CAPTCHA.
Weaponizing self-xss
February 12, 2018
Maybe you’re a web app pentester who gets frustrated with finding self-xss on sites you test, or maybe you’re a website owner who keeps rejecting self-xss as a valid vulnerability. This post is intended to help both understand the risk involved in self-xss and how it can possibly be used against other users.
Insecurity Through Obscurity
January 22, 2018
In part 3 of this portal protections series, we walk through an “obscured” vulnerability we discovered that gave us super admin privileges to the application we were testing.
XSS Using Active Directory Automatic Provisioning
August 17, 2017
This blog answers the question: “Can we exploit the application in some way if we already have access to the Azure panel?”
Username Discovery
January 30, 2017
In a continuation of our portal protections series, we’ll be discussing some of the methods that attackers can use to discover valid usernames on your applications.
Login Portal Security 101
January 23, 2017
When we think about attempts to discover web vulnerabilities, we like to think about attack surface. If you are looking for needles in haystacks, it helps if you have access to all of the hay first.