AppSec Archives - Shells.Systems

Unveiling BugHound: a static code analysis tool based on ElasticSearch

Posted on 2021-01-242021-01-24 by Askar

Estimated Reading Time: 7 minutes In the last couple of weeks, I was doing some code analysis for a couple of products, some of them were part of my daily job and the other was for research purposes. During this period, I was trying to do automation for my code analysis process to reduce the amount of work that I…

Adventures in Burp Extender Land

Posted on 2020-03-312020-03-31 by Ian

Estimated Reading Time: 7 minutes Recently I was testing a mobile application and it’s interaction with an API backend. It was the first time that I had come across an application that used two different JWT tokens in the headers to authorise against the API end point. Burp is great at handling cookies, but is not so great on handling…