DEV Community: Brian Pavicic

Clearing the Way for Proactive Code Security Testing

Brian Pavicic — Wed, 22 Nov 2023 02:51:38 +0000

To clients and the broader AppSec community, it is True Positive's mission to deliver precise and affordable software security testing solutions.

One offering enormous potential benefits to the DEV community is the OWASP Penetration Testing ToolKit (aka PTK), an open source tool made freely accessible by T+.

With PTK, you can unlock breakthrough browser-enabled security analysis to supercharge security testing to:

Effortlessly discover potential security bugs.
Go deeper to verify bugs and expose hidden threats.
Inform remediation and test fixes.

OWASP PTK: Key Capabilities & Features

Insightful Information: Get one-click access to insightful information about the target application, including its technology stack, Web Application Firewalls (WAFs), security headers, crawled links, and authentication flow.

In-Browser Runtime Scanning: PTK offers Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) scanning within your browser. Detect SQL Injections, Command Line Injections, Stored and Reflected Cross-Site Scripting (XSS) vulnerabilities, and more. It even identifies complex threats like SQL Authentication Bypass, XPath injections, and JWT attacks.

Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. This log allows you to repeat any request in the R-Builder or send it to the R-Attacker. You can automate the execution of Cross-Site Scripting (XSS), SQL injection, or OS Command injections.

Request Builder for Request Tampering: The extension includes R-Builder, a powerful tool that allows you to craft and manipulate HTTP requests with precision. It empowers you to execute complex maneuvers, including HTTP request smuggling attacks, for a comprehensive assessment of application vulnerabilities.

Cookie Management: PTK includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and easily import cookies.

Decoder/Encoder Utility: The integrated utility helps you manage encoding and decoding from and to various formats, including UTF-8, Base64, MD5, and more.

Swagger.IO Integration: We've integrated Swagger.IO to enhance your understanding of API documentation. Easily create requests to interact with API endpoints.

Selenium Integration: With Selenium integration, PTK aids in identifying security risks at the early stages of the development cycle, ensuring robust security from the outset.

Tool Roadmap. Coming December 2023.

JWT Inspector: We've added a crucial new feature – JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens using different algorithms (including None algorithm), and generate public and private keys for JWT signing.

Get the OWASP PTK open-source tool free here.

Explore the feature-enhanced edition, PTK Plus(PTK+) .

Question? ](ptk-support@ptk-plus.io)

Stay Ahead of Security Issues. Troubleshoot Like a Boss.

Brian Pavicic — Thu, 16 Nov 2023 21:21:57 +0000

You can, with True Positives backing you up with simple but rugged Freemium & Open-Source security analysis tools.
Learn more here

Proactive Code Security Testing - Discover Before YOU Commit

Brian Pavicic — Fri, 08 Sep 2023 16:59:21 +0000

True Positives is dedicated to providing accessible and effective solutions for application security. We offer a range of tools and services, both FREE and affordable, including those to support security-conscious developers seeking to smoke-test the security of their projects, including:

True-Inspect.com provides fast, reliable web software and system vulnerability scans on demand. Begins with a Standard service that is free without strings or limits.

OWASP Penetration Testing Toolkit("PTK") allows you to secure your applications from the beginning by making your browser smarter. Free, Open Source solution.

Learn More:https://www.true-positives.com/free-open-source-tools

Security: How to Discover Hidden API's

Brian Pavicic — Fri, 08 Sep 2023 15:29:42 +0000

Unlock the secrets of API security! Don't miss our informative webinar hosted by True Positives, LLCin partnership with BLST Security. Go deep into the subject with industry experts like Dan Kuykendall, host of the Dan On Dev Show. Register to attend: https://lnkd.in/gSVfTQJw.

Valuable input for crucial skills for software development teams

Brian Pavicic — Wed, 26 Jul 2023 18:48:43 +0000

This resource is remarkable from this friend and advisor to True Positives, LLC.

Whether you are an entrepreneur/founder of a software company or have just been promoted to a team lead, improving your leadership skills is crucial for software development teams to build great products because it sets the tone for effective communication, collaboration, and decision-making. A skilled leader can inspire and motivate team members, provide guidance and support, and create a culture of innovation and continuous improvement.

Ad hoc security smoke test resource

Brian Pavicic — Wed, 26 Jul 2023 18:30:46 +0000

True Positives, LLC is thrilled to witness the overwhelming delight and appreciation from our growing True-Inspect.com user community as we make #appsec much more straightforward and cost-effective.

Among them, devs using the tool for ad hoc code security smoke tests are well represented.

See what you're missing! https://www.true-positves.com/tiad

AI-Generated Code: A Pandora's Box of Security Risks?

Brian Pavicic — Thu, 04 May 2023 00:16:56 +0000

AI Software Engineering is here. This isn’t code completion. This isn’t a code generation framework. This is code generation. With innovative tools like ChatGPT and GitHub Copilot, AI-generated code transforms how we create software, enabling faster development for professionals and hobbyists alike. However, as we increasingly rely on these cutting-edge technologies to produce accurate and efficient code, it's crucial to remain vigilant about the potential risks.

Article:

https://www.true-positives.com/post/ai-generated-code-a-pandora-s-box-of-security-risks

No Fee DAST Security Scans On Demand

Brian Pavicic — Tue, 18 Apr 2023 00:06:45 +0000

End difficult, prolonged, resource-hungry #appsec testing with secure and thorough code inspection on-demand at(https://www.true-inspect.com.)

FREE Standard (DAST)security scans with sign-up.
No credit card, contract or minimum is required.

Learn more:

**Clip
(https://video.wixstatic.com/video/edac60_5de94cd96893452c942e46245faaef83/1080p/mp4/file.mp4)

**PDF
(https://edac60cf-4062-4d32-80df-b179f00aeb91.usrfiles.com/ugd/edac60_4de829e6c9094749be74e81e38d9c61f.pdf)

Development & Security beyond its bumpy start in the early dot.com days

Brian Pavicic — Wed, 29 Mar 2023 00:15:43 +0000

Learn what's become of software security and how to achieve performance plus efficiency best nowadays.

Article: (https://www.true-positives.com/post/appsec-beginnings-how-an-industry-built-trust)

Test code security whenever you want for ensured peace of mind

Brian Pavicic — Tue, 28 Mar 2023 23:57:02 +0000

Video:[https://youtu.be/4Lg_-KOcDDk]

The emergence of simple, reliable, and far more efficient tools and services is unlocking the ability of developers and coders to be more security-minded, allowing them to test the security of their work whenever they want.

Security Smoke Tests = Improved Peace of Mind

Brian Pavicic — Fri, 10 Feb 2023 01:57:49 +0000

While coding, it's never been easier to locate and squash security flaws and have greater peace of mind.

A few well worthy of consideration include:

True Inspect by True Positives, LLC.

Brand new managed AppSec hybrid service that is FREE to use and offers reliable dynamic application security testing (DAST) on demand. An optional low-cost upgrade offers Users a more detailed analysis. With it you get the same tools and services as the big dogs, at a price, you can afford.

OWASP Penetration Testing Kit by True Positives, LLC.

A free, open-source browser plug-in for security and development that allows security testing to occur more thoroughly and effortlessly by having a bevy of apt and powerful utilities wrapped in and negating the need to configure a third-party tool or worry about connectivity and proxy issues.

Development & Security's Arduous Path to Elevated Trust

Brian Pavicic — Tue, 07 Feb 2023 04:12:24 +0000

It’s 2023. Threats aren’t just a consideration, they are a priority in the software industry. As a result, Product Engineering and DevOps teams have taken a more proactive role in the prevention of vulnerabilities. There is nothing more embarrassing to a developer than finding out your luxury home is actually a house of cards in front of stakeholders due to a bug that could have easily been detected with a testing tool.

Luckily, for everyone involved, we have the technology today to find potentially harmful coding errors before they can cause harm. But that hasn’t always been the case.

(More))