So I finally got around to working with some technologies that have been on my hot-list for quite some time. NodeJS, React, and MongoDB see a lot of use in the application development industry and it was high time I put my nose into them. I decided…
Tag: WebApp
DNS Exfiltration using SQLMap in a Microsoft SQL Environment
You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…
DNS Exfiltration through Blind SQL Injection in a MS-SQL Environment Using Burp Collaborator
I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…
Using Burp Suite’s Cookie Jar for JSON Web Tokens
I was going over an application I wrote prepping for my upcoming class and realized the shortcomings of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT)…
On the War Path! – Basic Application Recon
Some of the earlier tasks I work through when assessing a web application revolve around enumerating the available attack surface my target has to offer. There are a few easy ways to quickly find paths offered by an application. robots.txt The first of these would be examining…
Burp Suite Tips – Volume 2
So on to the second leg of this journey. You can find the first installment of my Burp Suite Tips series at the following link. Burp Suite Tips – Volume 1 Viewing Target and Repeater Using Tabs I much prefer viewing the Target and Repeater tabs using…
Fun with Burp Suite Session Handling, Extensions, and SQLMap
I’ve been a little obsessed with the session handling tool-set that Burp Suite provides. I’ve been running into web applications that aggressively tear down (de-authenticate) sessions for any number of given reasons. Could be the volume of requests sent, malicious input, time-based, accessing a certain section of…