Pentesting Blazor Server Apps
Najam ul Saqib
340
Reputation points
Hi, I came across a web app that is using Blazor Server, all the communication is happening through SignalR. Now in traditional web apps, pentesters use ZAP/Burp to intercept the traffic and manipulate with it. i.e. test access controls by toggling the IDs, etc but here the communication is happening via websockets first, and second it is in binary format which is not readable. What's the best way to pentest our blazor server apps to make sure they're battle hardened and secure?
Sign in to answer