In general, web developers care about some common vulnerabilities in web applications. But there are some dangerous and less known vulnerabilities, which widely exist on
Sharing source code with peers is one thing; sharing secrets over a public medium is another. The all-seeing eye of Google has no mercy,
During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some
In the first part of this article, we discussed the iPhone application traffic analysis. In this part, we will take a look at the privacy
Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to
Nowadays, every organization uses digital data storage and web applications to manage and update data. As internet usage increases, it is important to digitize everything
With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a
Web Application Security: A Beginner’s Guide provides IT professionals with an actionable, rock-solid foundation in Web application security–from a complete overview of the tools and
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing,
Web-based interfaces are convenient for managing networking equipment, but under no circumstances should these be open to the world and the internet. Many networks
Clickjacking is one of the attacks most used by spammers on Facebook. Almost every month, we face a new type of clickjacking attack on
Web Application vulnerabilities in social networking sites are very common these days. In this article, we will discuss a vulnerability found in social networking sites
When I communicate with programmers who are writing code for custom applications, I often wonder how carelessly they treat the issue of safety
Why use GWT? Most modern web applications utilize AJAX functionality of some sort to make them highly interactive and to have a user interface
The pcAnywhere source code leaked out onto the internet late January 2012 includes 47,021 files weighing in at 1.3GB. The October 2006 snapshot provides an
I have a pet hate. This is something that really annoys me when I get a new laptop, which if you ask my girlfriend is
Summary Android’s increasing popularity, combined with the possibility to create alternative markets, makes this platform a fertile ground for malware authors. While most of these
This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iPhone applications. It attempts to cover
Once upon a time there was no Internet and there was no concept of the Web. But time has passed and today we have a
Burp Suite is one of the best tools available for web application testing. Its wide variety of features helps us perform various tasks, from intercepting
For several years now, there has been an explosive increase in the use of mobile applications. Included in this staggering increase of mobile software are
Managing security is managing risk. As explained in Chapter 1, Security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate
Malware comes in different sizes and shapes. Trojans, worms, viruses, downloaders, and others are becoming more common than common cold medicine. These malware are mixed
In this article we will look at how we can insert vulnerabilities in web applications. Why? There are basically two reasons. Firstly, it allows us
Web applications today suffer from a variety of vulnerabilities. Cross Site Scripting (XSS) is one of the most prevalent web application security flaws, yet possibly
In our first article, we reviewed the basics of fuzzing as well as the mutation and generation technique. We have also introduced the PeachFuzzer, which
Some Random Number concepts: “Random numbers” means numbers which are random in practice (i.e. unpredictable and non-reproducible). As simple as this term looks when
Far too often we will download an API (Application Programming Interface) from Programmable Web, or download an SDK like the Facebook SDK and not worry
Over the last month there has been a minor if interesting discussion about the use of Facebook Connect and the idea that it does not
Introduction: This is a preview of SQL Injection: The Equal Opportunity Vulnerability. Read the
Introduction: In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we’re clear about how it
Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate from an internal,
In the previous article, we discussed forming a SOAP request based on the operations listed in a WSDL file and automating this task with Buby
Background: I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web
Description: Parsing the OWASP Top Ten with a closer look at Failure to Restrict URL Access Introduction Per our discussion of OWASP Top 10 Tools
One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK,
Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discover CSRF
Description: Using grep to find common web application vulnerabilities within your applications. Introduction It is a common misconception that companies need to purchase complicated and
Description: A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten Introduction If you’ve spent