Category Archives: How do I test for …

Getting SQLMap to Detect Injection Points Through JSON

I was working on a client's web-app the other day and I had set off an automated scan using Burp across the site. Burp is a great tool for providing coverage of web-apps and their vulnerabilities and can be surprisingly … Continue reading

Posted in How do I test for ..., Lessons Learnt | 1 Comment

How do I test for … weak password hashes

So assuming for a moment you have a list of hashes (getting them is another topic altogether), there are a number of ways of testing the strength of your users' passwords. Ultimately, the strength of a password is the amount … Continue reading

Posted in How do I test for ...

How do I test for … bad SSL/TLS implementations

The easiest way to find poor implementations of SSL and TLS encryption algorithms is to run the SSL Scan tool. If you run it against this website you will get something along the lines of: sslscan --no-failed srv.felixrr.pro:443 _ ___ … Continue reading

Posted in How do I test for ...