Young hacker smiling

We hack your software

zero false positives

Attacking Applications, APIs, Mobile Apps Servers, Networks, IoT Devices
ICS: Industrial Control System
SOC: Security Operations Center

Python proofreading a document

Pars orationis non est secura

Using parser combinators to detect flaws

We like bWAPP around here, because it’s very buggy!. We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common, namely: they could have been prevented with a little Input Validation …



O'Reilly XML book cover

XML: eXploitable Markup Language

XPath injection on XML files

Markup languages are “systems for annotating a document in a way that is syntactically distinguishable from the text.” [1] What does that really mean? I reckon that’d be better understood with examples. But before, a warning: if you use them for sensitive information storage, you should be really careful …



Fuzzy caterpillar

Fuzzy bugs online

Fuzz techniques for attacking web applications

Web fuzzing is an automated, computerized technique to find bugs and vulnerabilities within a computer system. If you think protecting your site is a matter of simply blocking the most common types of malicious requests, think again. Read on. Injecting SQL into a vulnerable site A fairly common situation is …



Service status - Terms of Use