Blog | Tools

SQL injection used to be a lot easier a few years ago when it was less known, web application security was less mature, and errors were often exposed. It's very easy to use a variety of methods to cause errors to display database names, table names, column names, and even row values... when errors are enabled. These days, the SQL...Continue reading 

Fierce is one of the best DNS enumeration tools I've ever used. It's great for DNS servers that do not allow anonymous zone transfer as it includes dictionary-based hostname enumeration.A Perl script that enumerates an HTTPS instances supported SSL versions and ciphers. The best FireFox extension, hands down, for manual web application security assessments. Quick access to client-side information...Continue reading