About the Author:

Rohit (@rorot333) is an Information Security Professional with 5 years of experience in Penetration testing & Vulnerability assessments of web and mobile applications. He is currently a security researcher at Infosec Institute. Twitter: @rorot333 Email: rorot33@gmail.com.

Understanding Disk Encryption on Android and iOS

Introduction

Mobile devices these days handle lots of sensitive information – messages, photos, contacts and more. The question about how this data is stored on the device will obviously arise, […]

XXE Attacks

Introduction

XXE (XML External Entity attack) is now increasingly being found and reported in major web applications such as Facebook, PayPal, etc. For instance, a quick look at the recent […]

Padding Oracle Attack

Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an ‘oracle’ is a system that performs cryptographic actions by […]

Can My JavaScript Access Your Page Elements?

We all know that by using JavaScript you can do many things, for example read elements on a page, analyze the DOM, etc. Now assume that you logged into […]

ECC: A Case for Mobile Encryption

Introduction:

It is needless to start this article by talking about the rise of mobile devices in the last few years. We all know how smart phones have swept the […]

SSL ATTACKS: Part 2

In the first part of SSL attacks, we have seen details about two attacks, namely BEAST (browser exploit against SSL/TLS attack) and SSL renegotiation attack. In this second part, […]

SSL ATTACKS

In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were […]

The Breach Attack

Introduction

Back in 2012, when Juliano Rizzo and Thai Duong announced the CRIME attack, a TLS / SSL Compression attack against HTTPS, the ability to recover selected parts of the […]

Android Master Key Vulnerability—PoC

The recently discovered master key vulnerability in Android has given a jolt to the Android team and other parties involved. This vulnerability allows attackers to inject malicious code into […]

Demystifying HTML 5 Attacks

HTML5 is one of the promising new key technologies that powers the web. Though it is still under development, HTML5 is high in demand especially given the fact that […]

Android Forensics

The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical. […]

InfoSec Institute Interview: Satish Shetty of Codeproof Technologies

Satish Shetty is the founder and CEO at Codeproof Technologies Inc. – a company that delivers the first ever cloud-based software as a service security for mobile devices. Earlier, […]

GFI LanGuard – Network Security Scanner

Introduction:

In a corporate environment, every computer connected to the network poses a security threat. As more and more computers get added into the network each day, the security risk […]

Linux Hardening

This article aims to provide a general list of security issues that should be considered when you are auditing a Linux system or when you are hardening an existing […]

Android Security

Android is an open source mobile platform that includes an operating system, middleware and applications. Android has revolutionized the mobile world in a big way. Android, which started as […]

Mobile Security – Basic Challenges

“Data stored on the device is worth more than the device”

Introduction

The above quote might well apply to desktops and laptops as well. But it’s much more probable that […]

OWASP ZAP

Introduction

ZAP is an open source tool designed to help security professionals as well as developers to find out the security vulnerabilities present in the web application. The only reason […]

Free Web Application Scanners, Part 2

In the first part of this article, we have seen the need for free web application scanners and also we have looked into a few tools which are available […]

Interview with Caleb Barlow – Director of Application, Data & Mobile Security @ IBM Security Division

Caleb Barlow is currently the director of Application, Data and Mobile Security in the IBM Security division. Earlier he acted as the director of Unified Communications and Collaboration, SMB […]

Free Web Application Scanners, Part 1

With the rapid increase in technology usage, every company is desperate to provide their services over the Internet. They believe that by offering their services online they come closer […]