The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Episode 174: Web Application Penetration Testing Tools & Techniques with Jordan
In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a modern web app pen testing toolkit.
Topics covered include:
- Burp Suite Pro vs. OWASP ZAP — comparing capabilities, extensions, and use cases
- CSP Auditor — identifying unsafe Content Security Policy directives
- JSON Web Token (JWT) extension — surfacing and tampering with JWTs in HTTP history
- Retire.js — flagging outdated JavaScript libraries with known vulnerabilities
- CyberChef & JWT.io — encoding, decoding, and debugging tokens
- Postman & Swagger — API testing and documentation workflows
- SQLMap — powerful SQL injection discovery (and why you should never run it in production)
- Proxy Forge — evading cloud-based WAFs and testing geo-blocking
- GraphQL Hunter — enumerating and testing GraphQL instances
Have a tool or extension you swear by? Drop it in the comments — Brad and Jordan want to hear from you!
---
Burp Suite is an integrated platform for attacking web applications. http://portswigger.net/burp/
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.