TheTestTherapist
Joined 24 Feb 2022
A channel devoted to delivering in-depth discussions, valuable resources, and expert insights on Performance Testing and Security Testing. Expect informative videos that dive into both areas, offering practical knowledge and up-to-date information.
Scan your Wordpress site against vulnerabilities using WP-Scan
In this video we are going to scan a WordPress site for security vulnerabilities using WPScan.
Links :
WPScan Github
============
github.com/wpscanteam/wpscan
Damn Vulnerable Wordpress
========================
github.com/vavkamil/dvwp
Docker Playground
================
labs.play-with-docker.com
Register to get WPscan token
========================
wpscan.com
#wordpress #securitytesting #wpscan #cybersecurity #kali #security #applicationsecurity #owasp
Views: 458
Videos
[First Look] Postman API Performance Testing Feature
854 views, a year ago
This is the first look at Postman's new API Performance Testing feature. You can request early access via the following link: www.postman.com/lp/api-performance-testing/#how-to-get-started Swagger Pet Store: petstore.swagger.io/ #api #testing #postman #performancetesting #new
SQL Injection Attacks Using OWASP Zap Fuzzer
24K views, 2 years ago
SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. In this video we're going to attack OWASP Mutillidae using Zap Proxy Fuzzer. Links owasp.org/www-project-mutillidae-ii/ OWASP Zap www.zaproxy.org #owasp #sql...
GraphQL Performance Testing using Apache JMeter - A quick walkthrough
4.7K views, 2 years ago
In this quick walkthrough I will show you how to do performance testing for GraphQL using Apache JMeter GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL queries access not just the properties of one resource but also smoothly follow references between them. Links SpaceX GraphQL API studio.apollographql.com/public/SpaceX-pxxbxen/hom...
Apache JMeter Non-GUI Mode - A quick Walkthrough
877 views, 2 years ago
Today, we will walk through Apache JMeter Non-GUI mode. Why might we need a Non-GUI mode? 1- To execute a JMeter script on an OS without a UI, such as Linux and Unix. 2- To use the least memory footprint for your test, which helps you have a more stable test and generate more virtual users. Commands MacOS : sh jmeter -n -t NonGuiTrial.jmx -l Test1.jtl Windows : jmeter -n -t Non...
API Security Testing With Postman & OWASP Zap - A quick walkthrough
29K views, 2 years ago
Most of the content around API testing is about functional testing or, recently, about API automation testing, so what about security testing? We're going to use Postman and consume our existing collections. The idea is to send the Postman requests to OWASP ZAP to be able to start automated pen-testing. Enjoy! Links VAmPI - The Vulnerable API github.com/erev0s/VAmPI Zap Proxy www.zaproxy.org/ St...
Thanks Bro, that was an informative tutorial.
1:09 I found that in addition to FuzzDB Files, FuzzDB Offensive also needs to be installed in order for fuzzDB->attack to appear.
Sometimes on Windows, FuzzDB files can be marked as a threat and deleted once added; that's why it only appeared when you added FuzzDB Offensive as well, but on other platforms (Linux or Mac) you can add any of them. Thank you :)
Thank you very much for the tutorial. 🙏
Glad it was helpful!
thank you bro
Please post more tutorials on GraphQL performance testing using Apache JMeter.
Will do :)
Thanks for sharing
Is there any way to integrate this with an existing Selenium framework and run the scans in the backend while UI test cases are being executed?
Thank you sir!
Great video. Thank you Sir!
Thank you :)
Thanks a lot for your video, but if the API needs a generated token to be able to use it, is there an authentication method like in the web app authenticated scan?
nice lesson thank you
Thank you :)
How do I get the page that you enter the username in?
nice. it helped
Glad to hear!
How to find the unpublished API and how to do AI fuzzing?
Spider can get you any folder under the domain under test, but for AI fuzzing I don't know; I haven't tried it before 🤷🏻
Hey, how to add the add-on FuzzDB Files from the marketplace? I can see FuzzDB Files is available in the marketplace but I am not able to add this add-on. Can you help me out in adding it?
Hey, if you are using ZAP on Windows, sometimes it sees FuzzDB files as a virus. Try to add "FuzzDB Offensive" from the marketplace; it should do the same job. Good luck!
@thetesttherapist Thanks for the quick response. I have one more query: when I try to start the Fuzzer it says "Some Fuzz locations do not have any payload set. At least one payload must be added to start the fuzzer". I have added a payload using the payloads option but I can still see this warning. How do I resolve this?
I just used OWASP ZAP to check the website and there is an "Alerts" section. I want to get data directly from it, what should I do?
If by data you mean extracting a report, here is how you can generate a report 👇 From the Report menu select Generate Report
I was just wondering how to use it with Postman and pentest to my apps. Thanks dude
You’re welcome! If you have any more questions or need further assistance, feel free to ask. Happy pentesting!
Can you do it with LDAP injection too?
You can find LDAP injection under jbrofuzz
If we are using the register API, then we would have to provide different emails for each request, otherwise it will say the user already exists. So how can I do that using the GraphQL API? I do want to check the performance by applying load.
Hi, you can provide different user input by using CSV Data Set Config in JMeter; then each request will send new user data
Just awesome! To the point, clear and concise. Thanks
Glad you liked it!
@thetesttherapist Can you please make more videos on how we can automate the ZAP security test using its scripting feature? It will be great to see that. Thanks a ton in advance.
Can you tell how to generate a shareable file for the details of alerts of a particular API?
You can generate a detailed report: Report -> Generate Report -> from Template choose "Traditional HTML Report". This should display alerts with all details.
Nicely explained. Please help us to learn more functionality in OWASP
Thank you :)
Your teaching style is clear and concise. Simply awesome!
Thank you!
Nice to see some content of real value on yt
Thank you!
thank you
Welcome!
Great, I was just wondering how to use it with Postman. Thanks.
thank u
You're welcome!
Thank you so much for the great effort. Loved the content quality and the smart way you conduct the knowledge to make it a piece of cake to digest 🙏👏👏❤️
My pleasure!
Thank you. Please continue making content
Thank you, I will