Faction Security

We just released Faction1.74!! 🧨 which has several improvements you’ve been asking for, like faster report generation and extra visibility features. #appsec #pentesting #redteam #vulnerability

github.com/factionsecur...

Vibe Coding Faction Extensions at PhreakNic 26 I just got back from speaking at PhreakNic 26 where I vibe coded a GitHub Faction Extension live while also speaking about my many…

Did you know you how easy it is to integrate your #pentest reporting into any other system, like GitHub or JIRA.

We'll show you how you can vibe code your assessments using Faction Extensions!

#appsec #pentesting #cysbersecurity #owasp #redteam #hacking

we-are-faction.medium.com/vibe-coding-...

Black Hat 2025 Arsenal Experience I know this post is kind of late, but I’m just now getting around to posting about my Black Hat USA 2025 and SECTOR 2025 Arsenal…

I just did a quick post about my #blackhat and #sector arsenal experiences this year.
#opensource #bh2025 #sector2025

medium.com/@we-are-fact...

OWASP Faction 1.7 — Major Updates for Enterprise Security Teams For Enterprise Penetration Testing teams and Security Consulting Firms managing dozens — or hundreds — of assessments simultaneously…

We just released OWASP Faction 1.7 with lots of new features and bug fixes to help automate manual penetration testing and make reporting even easier.

we-are-faction.medium.com/owasp-factio...

#pentesting #cybersecurity #applicationsecurity #redteam #hacking #appsec #owasp

About to present Faction at SecTor Arsenal at 4 eastern. Hope to see you there.

#appsec #blackhat #sectorca #redteam.

Lots of new things coming to Faction 2.0 Very Soon. We are excited to share a little preview.
Follow us for more updates.
#pentesting #appsec #redteam #hacking #vulnerabilitymanagement

I'm excited to be presenting at SecTor Arsenal! I'll be demoing OWASP Faction, an open source pen-testing collaboration framework.
Hope to see you there!

#SECTORCA #appsec #owasp #cybersecurity #blackhat #pentesting

Great views from the level up party last night. #blackhat2025 #blackhat.

Greetings from BlackHat 2025! If you’re attending this year come check out my talk on OWASP Faction, Thursday at noon - Arsenal station 3! #pentesting #owasp #hacking #blackhat2025 #redteam #appsec

#BlackHat Arsenal was awesome!!! 🎉🎉🎉🍺🍺🍺Thanks to all that came to my talk. I forgot to bring stickers with me but will be giving them out at #Defcon. Look for them in the usual spots or DM me.
#owasp #appsec #redteam #pentesting

@factionsecurity.com

🎉 I'm excited to be presenting Faction at BlackHat Arsenal 2025! 🚀

Come by Thursday Aug 7th 12-12:55 am to see what Faction can do for you and get some STICKERS!!!
#hacking #pentesting #blackhat #BH2025 #appsec

www.blackhat.com/us-25/arsena...

🎉 Faction 1.6 is Here — Powerful New Features for Open Source and Enterprise Users

Lots of updates that brings major improvements that make #pentest reporting more flexible and tailored to your needs.

docs.factionsecurity.com/blog/2025/07...
#appsec #redteam #opensource #cybersecurity #hacking

Releases · factionsecurity/faction Pen Test Report Generation and Assessment Collaboration - factionsecurity/faction

🚀 OWASP Faction 1.5.2 is live!
This is a major update with improvements to help you deliver more streamlined and professional assessments.
What’s new?
✅ Checklist Improvements
🔐 SAML Authentication
📝 Better Markdown Handling

github.com/factionsecur...

#AppSec #Cybersecurity #OWASP #redteam

10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇

Happy to announce that Faction is now an #OWASP Project!!! 🚀

#appsec #applicationsecurity #pentesting #vulnerability #cybersecurity #redteam #hacking

owasp.org/www-project-...

Automate Pentest Reports and AppSec Posture Management (ASPM) Automate PenTest Reporting and AppSec Posture Management (ASPM) for penetration testers, red teams, and application security teams.

It’s a new year and time to start the year off right by automating your manual #pentest with Faction. 🎉🍾💥

We got a lot of cool stuff planned for this year! We’ll be releasing more info in the coming months. Stay tuned!

#appsec #redteam #hacking

www.factionsecurity.com

Happy holidays from us at Faction Security!!! 🎄🤶🎁

Hope you get some downtime so you hack all the things next year!

#cybersecurity

We just released Faction 1.4! 🚀

If you're currently using Enterprise or Teams versions, then you have already been upgraded 🎉

This release includes bug fixes in pentest report peer reviews and fixes several CVE's.

Find out more: www.factionsecurity.com

#appsec #redteam #hacking #cybersecurity

Automate PenTest Reports with Boilerplates If you have been doing penetration testing for any length of time, you probably have a personal database of vulnerability descriptions…

We published a blog post on how to automate boilerplate text in your #pentesting reports using the #opensouce security tool, Faction. Check out the link below!

we-are-faction.medium.com/automate-pen...

#appsec #infosec #redteam #pentest #hacking #hacking-tools #security-tools

I agree, I’ve seen a lot of reports where the severity did not match the complexity of the attack or address compensating controls. If you can’t prove that an outside attacker can gain access to the resource you exploited then it should be rated as a recommendation to improve security posture

GitHub - Spix0r/fback: This is a useful Python script for generating a target specific wordlist for fuzzing backup files. This is a useful Python script for generating a target specific wordlist for fuzzing backup files. - Spix0r/fback

I've developed a Python tool called Fback that generates wordlists for fuzzing backup files. It takes a JSON-based pattern file and a seed wordlist as input and produces a target-specific wordlist as output. Github: github.com/Spix0r/Fback

#bugbounty #bugbountytools #cybersecurity

Hey #cybersecurity, we are building opensource tools to help streamline #pentesting assessments. We realize every company is different.

We want to know where your pain points are and what would make your life as a #pentester easier. Reply or DM us your feedback.

#infosec #appsec #redteam

Slashdot is now on Bluesky!

DEF CON 32 - SQL Injection Isn't Dead Smuggling Queries at the Protocol Level - Paul Gerste YouTube video by DEFCONConference

This was one of our favorite talks from #defon32. This is a really clever approach to getting SQL injection at the protocol level.
#appsec #sqlinjection #hacking #applicationsecurity

www.youtube.com/watch?v=Tfg1...

Happy thanksgiving for all that celebrate! 🦃

21st November | Open Source Gardening | Live with Anchore Devs YouTube video by Anchore

We're 🌟live🌟 in five, working on Open Source. 🌱
Join us with questions, comments & your important Syft & Grype bugs! 🐞
www.youtube.com/watch?v=hCRt...
#sbom #opensource #security

Building An Appsec Program From Scratch - Mireia Cano Building an Appsec Program from Scratch In today's digital landscape, application security is crucial for safeguarding sensitive data and maintaining user trust. Without a robust AppSec program, or with one poorly implemented, chaos can ensue, leading to vulnerabilities and breaches. This talk explo

Ready to level up your cybersecurity skills? 💻📈

Mireia Cano teaches us how to build an AppSec program at #WICCON2024!

Level up here: www.youtube.com/watc...

#CyberSecurity #WomenInTech

How to Automate Pentest Reporting Using Faction Faction is an open-source security assessment collaboration framework designed to streamline and enhance your security workflows. With…

We got a story up on @medium.com! Learn out how to create your first #pentest report using Faction:
we-are-faction.medium.com/how-to-autom...

#appsec #redteam #informationsecurity #infosec #pentesting #ethicalhacking

The Technology the Trump Administration Could Use to Hack Your Phone Other Western democracies have been roiled by the use of spyware to target political opponents, activists, journalists, and other vulnerable groups. Could it happen here?

Must read of the week: Ronan Farrow is looking at how governments (including the US) use spyware tech on individuals, activists, and journalists. www.newyorker.com/news/news-de...

When building your #pentest reports, Do you prefer CVSS scoring, critical/high/med/low, or something else to explain the severity of a finding?

#appsec #infosec #redteam #infosec