Sort Your Lists – Penetration Test Reporting Tips

There are testers who think I’m nutz for insisting that they sort any lists they include in their reports. Let me tell you my side of the story…

OWASP & The Top 10

The OWASP Top 10 details critical risks associated with web application security and is the defacto standard for web app security.

Include Command Strings – Penetration Test Reporting Tips

A good pentest report is supposed to be a teaching tool that provides the folks on the receiving end with information that makes it possible for them to do a lot of the same things we did. Here are a few reasons why we want them to do that.

Hire an Editor – Penetration Test Reporting Tips

If you really, honestly, and truly want to take your reports to the next level, hire an editor.

Report As You Go – Penetration Test Reporting Tips

If what you did does not show up in your pentest report, it didn’t happen. So how do you make sure your report captures everything you did? (First in a series of posts.)

The Dark Side of Cookies

Browser cookies are files stored on your computer with information to be used by your web browsers. They aren’t evil on their own, but they can be used for evil.

URL Hacking (or “How to Sanitize Your URLs”)

Most people don’t think twice about copy/pasting a ginormous web link into an email or social media post.
But they should!

A G33k Goes To DEFCON

Day of Shecurity sent me to DEF CON 26. I had a wonderful time, did some cool things, and have already made plans to attend DEF CON 27. If you want the full details, keep reading…