SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 20% discount!

Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about:

• Burp Suite Enterprise
• Caido – a lightweight alternative to Burp
• wfuzz – Web fuzzer.  Using a proxy:wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt –sc 200 “https://somedomain.com/shopping?&qty=%2FUZZ” -p 10.0.7.11:8080
• KNOXSS – for XSS testing – pairs nicely with this wrapper: https://github.com/xnl-h4ck3r/knoxnl

In the tangent dept, I moan about how I hate some things about Proxmox but am also starting to love it.

In the tangent #2 department, I talk about tinnitus and acupuncture!