Difference between revisions of "OWASP Pyttacker Project"
Most of the time during a Web PenTest is spent on finding the bad stuff, reports are time consuming and you need to deliver results as soon as possible. However, in the end the one who will need to fix the issue (or push others to do it) will need to really understand the impact of the findings included in the report. When you show raw database data from a SQLi, it's very visible to your customer that the impact is High; however, when the finding needs some other the impact becomes more complicated to demonstrate to non-technical people. Just a request and response is not enough, and how long are you willing to take to create a nice screenshot to include in your report?
What about using "something" that is the server you mention as 'evil.com' that can be used by the bad guys against your customer's company, even better if you know that the evil server is not that "evil" and you
then Pyttacker will be an interesting tool for you
Revision as of 21:27, 26 April 2014
As of March 2014, the priorities are:
"First Alpha version is ready but needs more development time to include features that can be delegated to newcomers, since the project is module based. The First Beta release is intended to be published in June 2014, including the PoC modules for CSRF, XSS, Open Redirect, XFS.
Next Steps:
- Add more PoC modules for more Vulnerabilities
- Add integration with tools like OWASP ZAP and Burp Suite"
Involvement in the development and promotion of Pyttacker is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- QA Testing | Bug reporting
- Content Translation
- Plugin Development
- Core code improvements