![]() It’s the kind of site that Netsparker should have a field day with so let’s see what it finds shall we? About Netsparker (and how to get it)įirst things first: Netsparker has kindly given me a license for their Professional version and that’s enabled me to write this post. These are the sorts of vulnerabilities I’ve seen over many, many reviews of web security over the years and I’ve built them all into the one mother of an insecure site. It also has about 50 serious security vulnerabilities in it. ![]() This is the site I built specifically for the course and it’s publicly accessible at. Speaking of Hack Yourself First, have you seen this train-wreck of a website? If I’m honest, it’s my favourite course to date and I reckon it’s a “must watch” for all web developers, although I will acknowledge some bias :) The whole premise of this course is about how to identify insecure patterns in web apps, how to exploit those patterns and then most importantly, how the secure patterns look and how they defend against attacks. But it also very often bears fruit, in fact this is why I wrote the Pluralsight course titled Hack Yourself First: How to go on the Cyber-Offense. I do this all the time and it quickly becomes both repetitive and time consuming. That said, Netsparker is rather awesome at automating the often laborious process which is trawling through a website and looking for risks. If you’re looking for a tool to do all the hard work for you without actually understanding what’s going on, this isn’t the post you want to read! (Yes, there are places that sell “security in a box”, no, do not trust them!) I will not run web security analysers without first understanding web security.Īre we clear now? Good, because as neat as tools like I’m about to discuss are, nothing good comes from putting them in the hands of people who can’t properly interpret the results and grasp the concepts of what dynamic analysis scanners can and cannot cover. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |