Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for broader platform support including Oracle. Nowadays, most organizations which […]
Archives for 2015
Yasca – Multi-Language Static Analysis Toolset
Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source […]
XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]
Pinterest Bug Bounty Program Starts Paying
There’s been a fair bit of news about bug bounty programs in the past year or so, with Twitter officially starting to pay bug bounties at the end of 2014 and Google recently removing the caps from their program and making Pwnium all year round. The latest news is Pinterest bug bounty program has started […]
wig – CMS Identification & Information Gathering Tool
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. It’s strength is CMS identification, it can also attempt to do OS fingerprinting. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score […]