Establishing a penetration testing methodology is becoming increasingly important when considering data security in web applications. The more we come to rely on networked communication and cloud-based data systems, the more we leave ourselves vulnerable to potentially damaging cyber attacks by outside parties.
While designing and safeguarding secured systems has […]
Take a moment and think about how many different passwords you use. Most of us have Google, Facebook, and Twitter accounts. Hopefully, your user accounts on both your home and work PCs are password protected. It’s probable that you use your Google, Facebook, and Twitter accounts to authenticate with […]
In this article, we will look at how we can analyze network traffic for applications that use certificate pinning. One of the best definitions I found of certificate pinning is mentioned below. It is taken directly from this url.
By default, when making an SSL connection, the client checks that […]
In this article, we will look at another cool utility named iDB for pentesting iOS applications.
Before that, i would like to apologize for coming up late with this article. A lot of you have been requesting articles on different topics and i promise that i will write on them […]
For those of us in the information technology field, there are two reasons why we should understand operating system fingerprinting.
The first reason is to better design and implement security controls in networks and local machines.
The second reason is that effective OS fingerprinting is a vital penetration testing skill.
If an […]
OWASP Practice is a virtual environment to help people who want to begin their journey into web application security. Lots of material including videos are available on the Internet, both for free and for a fee, that teach web application security in a good manner. But this project has […]
In my previous article, I explained what happened to the evolution of malware when microcomputers started to become a major presence in small offices and households. That coincided with the exploding popularity of Microsoft’s MS-DOS and Windows 3.1. The file systems they were based on, FAT16 and later on, […]
In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to exploit debuggable Android applications. In this article, let’s discuss the vulnerabilities associated with Android WebViews.
Introduction to Android WebViews
Implementing WebViews […]
In the previous article, we have seen how to debug Java applications using a little tool called JDB. In this article, we will apply the same logic to exploit Android apps, if they are flagged as debuggable. If an application is flagged as debuggable, we can inject our own […]
In the last couple of years there has been a boom in cloud computing, but mainly just the term is new, as we’ve been using cloud services for years without even realizing it. Almost every cloud, whereas it’s Saas, PaaS or IaaS, implements some kind of API (Application Programming […]
In our last part of this series (Android Application Security Testing Guide: Part 1), we discussed static analysis of Android APK files on the security background, and we tried to find any sensitive information which we can collect. In this part, we will head to our second phase, i.e. […]
Are you a Backtrack/Kali freak? Ever thought of having a similar distribution in your arsenal dedicated for Android Security? “Android Tamer” is the solution to fulfill your needs.
What is Android Tamer?
Android Tamer is a Linux based distribution developed for Android Security Professionals. This distribution is based on Ubuntu 10.04LTS, […]
In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important in deducing the flow of the application. The same process can be performed by using a perl script named Logify.pl that comes installed with […]
This paper is designed to demonstrate the common IIS web server security specifications in the form of a checklist that aids web masters or penetration testers to implement a secure web server infrastructure swiftly. It is mandatory for a web application to be duly full proof from vicious attacks […]
In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper etc. However, doing this hasn’t been quite straightforward always. We can also use Cycript to modify the behaviour of an […]
Writing optimized website code is considered to be one the most complicated tasks. Hence, this paper explores amazing server side configuration techniques and various improvements to boost-up your ASP.NET website’s performance through the Internet Information Web Server. Dot NET websites goes live to the internet via IIS web server […]
Released in September 2013, CryptoLocker is a ransomware program that targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. This trojan encrypts almost all files using a combination of RSA & AES encryption. When the encryption is over, it will display a CryptoLocker […]
Injection is a high-category vulnerability in web applications. Attackers and security auditors alike always try to find the kind of vulnerabilities which allow them to perform a command execution. There are a number of vulnerabilities in the category of command execution, and one of them is Server Side Includes […]