Category Archives: Tools for Web App Testing

Bsqlbf v2.2

I finally managed to fix a few bugs and release a new version. Other than the bug fixing, the new version also supports blind SQL injection in “order by” and “group by” clauses. There are currently a few issues with threaded Perl. I have tested this under Windows using ActivePerl. As… Read More

Recommended Books For Pentesting

Although I don't have the habit of reading books, here are a few books which you may consider reading: Database Hackers Handbook (David Litchfield); Oracle Hacker's Handbook (David Litchfield); Hacking Web Applications Exposed (TMH Publications); Essential PHP Security (Chris Shiflett); TCP/IP Illustrated (Comer); Hacking Linux Exposed. As this list… Read More

Cookie Analysis

WebScarab is perhaps the only tool I can think of for this. I use this tool to figure out whether the session IDs are predictable or not. The ‘visualisation’ feature is just great. Although the interface is not very well designed and if you are a new user you… Read More