WebApp – Page 2 – Ryan Wendel

Burp Suite Tips – Volume 1

Ryan Wendel / April 23, 2019

I’ve been meaning to compile a bunch of Burp Suite tips for a while now. Stuff I’ve learned from others and things I’ve picked up along the way. This is the first installment of such helpful tips. I’ll be looking to pump out at least three posts…

Continue Reading→

Hunting Sensitive Web Files

Ryan Wendel / October 5, 2018

Something I like to do when testing a web application is to look for sensitive files that have been placed in web-exposed directories. Application administrators sometimes leave files in places they shouldn’t that contain information which may help advance your attack chain. Source code, configuration files, and…

Continue Reading→

Looking at CSRF and XSS with default Javascript and jQuery

Ryan Wendel / September 4, 2018

I’ve been procrastinating finalizing some basic research and putting my thoughts into a blog post regarding Same Origin Policy (SOP), Cross Origin Resource Sharing (CORS), Cross-Site Scripting (XSS), Cross-site Request Forgery (CSRF), and Content Security Policy (CSP). I am hoping to spend some more time on it…

Continue Reading→

Web Application Lab – Vulnerable PHP Scripts

Ryan Wendel / April 29, 2018

This is the second post in a series where I look to create a framework to build and test proof-of-concepts in hopes of gaining a deeper understanding of various web application fundamentals. In this post I’ll introduce a few vulnerable scripts you can use to research various…

Continue Reading→

Web Application Lab – Proof-of-Concept Infrastructure

Ryan Wendel / April 15, 2018

I’ve been working with web applications quite a bit lately and have been finding myself wanting to work with proof-of-concepts in order to explore certain types of vulnerabilities and attacks. I decided to work with the Apache web-server and PHP (on CentOS) to help with my journey.…

Continue Reading→

Recursive gobuster script

Ryan Wendel / August 6, 2017

I was working on some automated tasks to include in my workflow and realized I wanted to use gobuster for launching dictionary-based enumeration on targets. I was currently using dirb for this but gobuster seems to be the faster tool to use. I fell behind on my…

Continue Reading→

Pulling web hosts from Nessus output

Ryan Wendel / July 20, 2017

I hacked a python script together to parse out web hosts (and their corresponding URLs) from nessus XML output. I’m using this as part of my pentesting workflow to feed to other web-based tools like, EyeWitness, Nikto, dirb, gobuster, etc. Feed it a single argument that points…

Continue Reading→

Ryan Wendel

My random musings on tech and whatever…

Tag: WebApp

Burp Suite Tips – Volume 1

Hunting Sensitive Web Files

Looking at CSRF and XSS with default Javascript and jQuery

Web Application Lab – Vulnerable PHP Scripts

Web Application Lab – Proof-of-Concept Infrastructure

Recursive gobuster script

Pulling web hosts from Nessus output


Ryan Wendel currently operates as an AWS Solutions Architect for Trek10, an AWS Premier Consulting Partner. His primary interests and areas of technical expertise encompass AWS cloud architecture and web application security. Outside of his interests in technology, Ryan enjoys taking time off to snowboard, bike, lift weights, climb, hike, and enjoy the many delicious craft brews the Denver, CO area has to offer.