DEV Community

Brian Pavicic for True Positives, LLC.

Clearing the Way for Proactive Code Security Testing

True Positives' mission is to deliver precise and affordable software security testing to its clients and the broader AppSec community.

One offering with real benefit to the DEV community is the OWASP Penetration Testing ToolKit (PTK), an open-source browser extension that True Positives (T+) makes freely available.

PTK brings security analysis into the browser you already test in, so that you can:

  • Discover potential security bugs with little setup.
  • Go deeper to verify those bugs and expose hidden issues.
  • Inform remediation and re-test the fixes.

OWASP PTK: Key Capabilities & Features

Insightful Information: Get one-click access to information about the target application, including its technology stack, any Web Application Firewall (WAF) in front of it, its security headers, crawled links, and its authentication flow.

In-Browser Runtime Scanning: PTK performs Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) from within your browser. It detects SQL injection, OS command injection, stored and reflected Cross-Site Scripting (XSS), and more, as well as subtler issues such as SQL authentication bypass, XPath injection, and JWT attacks. Treat scanner results as leads: confirm each one against the application before reporting it.

Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. From the log you can replay any request in R-Builder or send it to R-Attacker, which automates Cross-Site Scripting (XSS), SQL injection, and OS command injection checks against that request.

Request Builder for Request Tampering: The extension includes R-Builder, a tool for crafting and manipulating HTTP requests with precision. It lets you execute complex maneuvers, including HTTP request smuggling, where a request carrying conflicting Content-Length and Transfer-Encoding headers is parsed differently by a front-end and a back-end server, for a more thorough assessment of application vulnerabilities.

Cookie Management: PTK includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and easily import cookies.

Decoder/Encoder Utility: The integrated utility converts data between formats such as UTF-8 and Base64, and computes hashes such as MD5 (a hash can be computed and compared, but not decoded back to its input).

Swagger.IO Integration: PTK reads Swagger (OpenAPI) API documentation so that you can understand an API's surface and quickly build requests against its documented endpoints.

Selenium Integration: Running PTK alongside Selenium-driven browser tests lets you surface security risks during the functional flows those tests already exercise, so issues are found early in the development cycle rather than at release.

Tool Roadmap (coming December 2023)

JWT Inspector: A new feature for analyzing JSON Web Tokens (JWT), building new tokens with different algorithms (including the None algorithm, which produces a token with no signature at all), and generating public and private key pairs for JWT signing. A server that honours the alg claim carried inside the token and accepts "none" will accept any payload you build, so that is one of the first checks to run against an application that uses JWTs.

The OWASP PTK open-source tool is free to download.

A feature-enhanced edition, PTK Plus (PTK+), is also available.

Questions? Contact ptk-support@ptk-plus.io.
