Untangling the Web: An Introduction to the OWASP Top 10

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 We are back! And what better way to kick things off than a joint blog post from both Sarah & Sophia? Despite our now varying areas of specialty, we’ve gone back to our penetration testing routes and will be covering the current OWASP Top 10 for web application security. What is OWASP …

Read more “Untangling the Web: An Introduction to the OWASP Top 10”

Phishing : Analysing a Phishy

by SarahAwareness, Best Practice, OSINT, Rapid Reads, WebPosted on 3 Comments

Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The phishing campaign is likely to …

Read more “Phishing : Analysing a Phishy”

XXE Injection: To Entity and Beyond!

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜💜💜🤍 Welcome back readers! After a few months hiatus, the Queens are back in action and ready to blog to our heart’s content! This month’s blog we will be delving into the art of XXE injection, what it is, a few ways to exploit it, and the mitigation techniques used “IRL”. A huge …

Read more “XXE Injection: To Entity and Beyond!”

Drop it Like it’s Hot: SQLi 101

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜💜🤍🤍 Continuing our journey into the land of web hax, this week (as requested by the world of Twitter) we are covering SQL injection basics. What is SQL? SQL stands for Structured Query Language and is commonly used by various applications to interact with a database, usually submitting queries to retrieve specific information. …

Read more “Drop it Like it’s Hot: SQLi 101”

Who Ya Gonna Call? DirBuster!

by SophiaPenetration Testing, Rapid Reads, WebPosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 Need to bruteforce directory names on a web application? Or perhaps you need to find unlisted files on a web server? Who ya gonna call? DIRBUSTER! So first thing’s first, the boring pentesty theory bit before we do all the mad hax and walkthrough the basics of Dirbuster. Remember this neat little …

Read more “Who Ya Gonna Call? DirBuster!”

Web(uilt) This City on Rock and Roll: An Intro to Web Hacking

by SophiaSecuriteenies, WebPosted on No Comments

Estimated difficulty: 💚💚💚 Hey Securiteenies! And welcome to another blog written just for you. Following on from Sarah’s “Castle on a Cloud” post about the basics of the internet – are you ready to learn a little bit about web hacking? First of all let’s recap… The Internet vs. the World Wide Web As Sarah …

Read more “Web(uilt) This City on Rock and Roll: An Intro to Web Hacking”

STOP! In the Name of Web: Intercepting Traffic with BurpSuite (A Beginner’s Guide)

by SophiaWebPosted on 2 Comments

Estimated Difficulty: 💜💜💜🤍🤍 Another song themed blog, this blog will mostly cover BurpSuite interception basics (including how to setup BurpSuite). We will be demonstrating BurpSuite using Kali Linux, using the Community Version (1.7.35). As always, constructive criticisms and feedback are always welcome! Back to Basics Before we dive into the realm of web hacking and …

Read more “STOP! In the Name of Web: Intercepting Traffic with BurpSuite (A Beginner’s Guide)”