Exploring Prompt Injection Attacks

Have you ever heard about Prompt Injection Attacks[1]? Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning. This vulnerability was initially reported to OpenAI by Jon Cefalu (May 2022)[2] but it was kept in a responsible disclosure status until it was … Continue reading Exploring Prompt Injection Attacks →

How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension

In this post we show how to import WStalker output into Burp Suite and the Logger++ extension to build a sitemap from a recorded session for use in Intruder and Repeater.

Tool: WStalker – an easy proxy to support Web API assessments

Have you ever faced a situation where you have a number of web services to test but no one is able to provide full working examples of each API call? WStalker is a work aid to help developers / functional testers record API traffic to help facilitate security assessments by security testers and other tooling.