True Positives Supports OWASP PTK
We’re excited to announce our support and collaboration with the OWASP Penetration Testing Kit (“PTK”), an Incubator Project of the OWASP Foundation. Because PTK is a cross-browser extension instead of a standalone tool, it is the fastest and most efficient way to test web applications for security vulnerabilities.
PTK handles authentication with normal user sessions—all users have to do is install the extension and start their tests. PTK helps penetration testers, Red/Blue/Purple Teams, and application security practitioners test web applications for security vulnerabilities. Because it is so easy to install and use, it is also ideal for developers to either quickly test their code, or replicate previously identified vulnerabilities.
How PTK Works
The tool provides insightful information about a technology stack, security headers, crawled links, and domains. It includes a detailed traffic log so users can repeat requests in the R-Builder, or attacks to the R-Attacker, and execute XSS, SQL, or OS Command injections on any request. It also has macro and traffic recording, bootstrap authentication to bypass MFA/Captcha, a Swagger Editor, JSON Web Token attacks, and more.
PTK gets frequent updates, with a significant new release coming this summer to integrate with Selenium.
Where Does True Positives Fit In?
To ensure the scope and strength of PTK’s capabilities, True Positives will conduct targeted research and supply software security expertise and engineering support. We also plan to make PTK available to visitors of their website: www.true-positives.com/PTK
About True Positives, LLC
True Positives (aka T+) is an application security consultancy specializing in test automation and assurance services. We support security teams and toolmakers alike to help the entire industry shift left and beyond.
Call: (360) 557-3918