
About the Author:

Rohit (@rorot333) is an information security professional with 5 years of experience in penetration testing and vulnerability assessment of web and mobile applications. He is currently a security researcher at Infosec Institute. Twitter: @rorot333 Email: rorot33@gmail.com.

Session Hijacking Cheat Sheet

‘Session Hijacking’ is an old and routine topic in the field of application security. To make it more interesting, in this article, we are going to focus on different […]


Understanding Disk Encryption on Android and iOS


Mobile devices these days handle lots of sensitive information – messages, photos, contacts and more. The question about how this data is stored on the device will obviously arise, […]


XXE Attacks


XXE (XML External Entity) attacks are now increasingly being found and reported in major web applications such as Facebook, PayPal, etc. For instance, a quick look at the recent […]


Padding Oracle Attack

Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an ‘oracle’ is a system that performs cryptographic actions by […]


Can My JavaScript Access Your Page Elements?

We all know that by using JavaScript you can do many things, for example read elements on a page, analyze the DOM, etc. Now assume that you logged into […]


ECC: A Case for Mobile Encryption


It is needless to start this article by talking about the rise of mobile devices in the last few years. We all know how smartphones have swept the […]



In the first part of SSL attacks, we have seen details about two attacks, namely BEAST (Browser Exploit Against SSL/TLS) and the SSL renegotiation attack. In this second part, […]



In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were […]


The Breach Attack


Back in 2012, when Juliano Rizzo and Thai Duong announced the CRIME attack, a TLS/SSL compression attack against HTTPS, the ability to recover selected parts of the […]


Android Master Key Vulnerability—PoC

The recently discovered master key vulnerability in Android has given a jolt to the Android team and other parties involved. This vulnerability allows attackers to inject malicious code into […]


Demystifying HTML 5 Attacks

HTML5 is one of the promising new key technologies that powers the web. Though it is still under development, HTML5 is high in demand especially given the fact that […]

Android Forensics

The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical. […]


InfoSec Institute Interview: Satish Shetty of Codeproof Technologies

Satish Shetty is the founder and CEO of Codeproof Technologies Inc., a company that delivers the first ever cloud-based software-as-a-service security for mobile devices. Earlier, […]


GFI LanGuard – Network Security Scanner


In a corporate environment, every computer connected to the network poses a security threat. As more and more computers get added into the network each day, the security risk […]


Linux Hardening

This article aims to provide a general list of security issues that should be considered when you are auditing a Linux system or when you are hardening an existing […]


Android Security

Android is an open source mobile platform that includes an operating system, middleware and applications. Android has revolutionized the mobile world in a big way. Android, which started as […]


Mobile Security – Basic Challenges

“Data stored on the device is worth more than the device”


The above quote might well apply to desktops and laptops as well. But it’s much more probable that […]


OWASP ZAP


ZAP is an open source tool designed to help security professionals as well as developers find the security vulnerabilities present in a web application. The only reason […]


Free Web Application Scanners, Part 2

In the first part of this article, we saw the need for free web application scanners and looked at a few of the tools which are available […]


Interview with Caleb Barlow – Director of Application, Data & Mobile Security @ IBM Security Division

Caleb Barlow is currently the director of Application, Data and Mobile Security in the IBM Security division. Earlier he acted as the director of Unified Communications and Collaboration, SMB […]