With our two open-source BurpSuite extensions FlowMate and the Cyber Security Transformation Chef (CSTC) we want to step up penetration testing of web applications to the next level. FlowMate is a plugin that helps to identify all data flows of a application by only analyzing requests to and responses from the target. In the background it creates a graph you can browse visually to identify data flows to test for injection vulnerabilities. The CSTC like the swiss-army knive for pentesting. It enables you to define custom recipes that can be applied to outgoing or incoming requests. This gives you the possibility to alter HTTP messages in transit in various ways. The only limit here is your creativity.
Senior Consultant IT-Security at usd AG
Florian Haag is a senior security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews.
Security Consultant & Head of usd HeroLab // usd AG
Matthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
- Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021
- Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018
- Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015
- On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015