DVWA - Brute Force (High Level) - Anti-CSRF Tokens
This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues).For the final time, let's pretend we do not know any credentials for DVWA....Let's play dumb and brute force DVWA... once and for all! Read More
FEATURES
SIMILAR TOOLS
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
A script that checks for common best-practices around deploying Docker containers in production.
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A vulnerability management platform that centralizes security assessment workflows, integrates multiple security tools, and provides collaboration features for security teams.
tfsec is being replaced by Trivy, a more comprehensive open-source security solution
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.