Author Archives: Joseph McCray Jr.

About Joseph McCray Jr.

Things I love - My family (of course), Hacking, Basketball, Martial Arts....I'm a work-a-holic - deal with it.

WAVSEP – Web Application Vulnerability Scanner Evaluation Project

Posted on September 19, 2011

I have to admit that I really think this is a good idea. Shay Chen (@sectooladdict) has put together a project to evaluate Web Application Vulnerability scanners. He calls it WAVSEP. The project is currently being hosted on Google code. … Continue reading

Posted in Cross Site Scripting, SQL Injection | Tagged , , , | Leave a comment

Cross Site Scripting – So what?

Posted on September 12, 2011

Ok – so I decided to put in a few things about Cross Site Scripting. I wanted to give you enough information to be able to both understand XSS, and more importantly do it against a modern application protected by … Continue reading

Posted in Cross Site Scripting | Tagged , , , | Leave a comment

Advaned SQL Injection Presentation

Posted on September 12, 2011

I did this talk a few years ago before I started Strategic Security. I love the subject of SQL Injection, I’ve spoken on it a lot and people often ask me for my slides. If you’d like my slides you … Continue reading

Posted in SQL Injection | Tagged , , , , | Leave a comment

Metasploit JSP Shells

Posted on September 12, 2011

The Strategic Security rookies are hard at work. This is one of many blog posts that you’ll be seeing from them. I hope you enjoy it, and if you find technical errors in it please let me know so I … Continue reading

Posted in File Handling Vulnerabilities | Tagged , , | Leave a comment

Welcome to Web App Pentest

Posted on August 14, 2011

I really hope that people will enjoy and learn from this website. For me as a Network Penetration Tester for several years it was REALLY hard to transition to doing web application penetration tests. I really didn’t have a strong … Continue reading

Posted in Uncategorized | Leave a comment