Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

Over the 15 years I spent as a practitioner and consultant prior to joining Rapid7, a metric that I found to be ever elusive was a true custom prioritization score. You could get close- with enough time, energy, spreadsheets, and logs. But even then it wasn’t without fault. There were still...

OWASP OWTF – Offensive (Web) Testing Framework

The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc. By reducing this burden I hope pen testers will have more time to: See the big pictur...