usagehints

How-to's and external docs

Burp Intruder and OWASP Zap

• Security Ninja tutorial for Burp Intruder - http://www.securityninja.co.uk/burp-suite-tutorial-intruder-tool-version-2
• Security Ninja Burp Suite Repeater and Comparer tutorial - http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools
• How to use FuzzDB's regex/errors.txt in burpsuite intruder to find more bugs https://github.com/fuzzdb-project/fuzzdb/wiki/regexerrors
• Burp Intruder docs http://portswigger.net/intruder/help.html
• Burp Suite with Google Android Emulator http://cktricky.blogspot.com/2010/04/android-emulator-burpsuite.html
• Introducing FuzzDB https://blog.mozilla.org/security/2013/08/16/introducing-fuzzdb/
• Using FuzzDB for testing website security https://blog.mozilla.org/security/2014/03/25/using-fuzzdb-for-testing-website-security/

File and Directory Discovery

• Interesting new way to identify directories that exist http://soroush.secproject.com/blog/2010/05/new-method-role-of-the-%E2%80%9C%E2%80%9D-character-in-mapping-the-website-directories/