Tplmap – identify and use the template engine

When you run a penetration test of a web page that generates dynamic content using templates with user-provided values, you may encounter a server-side template injection vulnerability. Manual identification of the template engine you are dealing with and subsequent exploitation can be easily automated using the Tplmap tool. Tplmap is able… Continue reading

Page mapping

Mapping web application resources can reveal important information about the tree and directory structure of your application, thereby revealing information about the software used, its version, or the programming language used in the construction. It consists of building a systematic view, which usually hierarchically shows what data the web application… Continue reading

The most common vulnerabilities of web applications

According to statistics maintained by the Open Web Application Security Project (OWASP), the ten most common security errors can be distinguished. The graphic below shows how often Veracode, a web application security research organization, detects these vulnerabilities during a preliminary risk assessment. The vulnerability detection rate from the OWASP Top 10… Continue reading

What are penetration tests?

Penetration testing can be defined as a legitimate and authorized attempt to find and exploit security vulnerabilities in computer systems to improve the security of these systems. This process includes testing vulnerabilities as well as providing complete evidence of an attack on the vulnerability, a so-called POC (proof of concept). This is to confirm… Continue reading