OWASP Top 10 2025 – A Pentester’s Perspective
Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few …
Category: Web Application
Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’
As penetration testers, we sometimes have to perform web application security assessments from our customer's computers instead of our beloved machines. When this happens, we can face different challenges when trying to set up a working test environment. We will most likely have very limited permissions, which can prevent us from installing applications or modifying …
Deep dive into the security of Progressive Web Apps
In order to expand existing web applications to mobile and desktop environments, more and more web developers are creating Progressive Web App (PWA) versions of their web applications. PWAs, originally proposed by Google in 2015, leverage the latest web standards to offer a native-like experience for both mobile and desktop applications. PWAs combine the best parts …
Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows
TL;DR: You can configure Burp to use your PKCS#11 (or Belgian eID) card to set up client-authenticated SSL sessions, which you can then intercept and modify. This blog post shows how you can easily view and modify your own, local traffic. In order to complete this tutorial, you still need a valid eID card, and the …