For those of us in the information technology field, there are two reasons why we should understand operating system fingerprinting.
The first reason is to better design and implement security controls in networks and local machines.
The second reason is that effective OS fingerprinting is a vital penetration testing skill.
If an […]
OWASP Practice is a virtual environment to help people who want to begin their journey into web application security. Lots of material including videos are available on the Internet, both for free and for a fee, that teach web application security in a good manner. But this project has […]
In my previous article, I explained what happened to the evolution of malware when microcomputers started to become a major presence in small offices and households. That coincided with the exploding popularity of Microsoft’s MS-DOS and Windows 3.1. The file systems they were based on, FAT16 and later on, […]
In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to exploit debuggable Android applications. In this article, let’s discuss the vulnerabilities associated with Android WebViews.
Introduction to Android WebViews
Implementing WebViews […]
In the previous article, we have seen how to debug Java applications using a little tool called JDB. In this article, we will apply the same logic to exploit Android apps, if they are flagged as debuggable. If an application is flagged as debuggable, we can inject our own […]
In the last couple of years there has been a boom in cloud computing, but mainly just the term is new, as we’ve been using cloud services for years without even realizing it. Almost every cloud, whereas it’s Saas, PaaS or IaaS, implements some kind of API (Application Programming […]
According to recent research, the amount of mobile phone users is larger than PC users. At the same time, the number of people who own Android phones is increasing rapidly. Android phones bring people a lot of convenience, in that it helps people do as much work as they […]
In our last part of this series (Android Application Security Testing Guide: Part 1), we discussed static analysis of Android APK files on the security background, and we tried to find any sensitive information which we can collect. In this part, we will head to our second phase, i.e. […]
Are you a Backtrack/Kali freak? Ever thought of having a similar distribution in your arsenal dedicated for Android Security? “Android Tamer” is the solution to fulfill your needs.
What is Android Tamer?
Android Tamer is a Linux based distribution developed for Android Security Professionals. This distribution is based on Ubuntu 10.04LTS, […]
In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important in deducing the flow of the application. The same process can be performed by using a perl script named Logify.pl that comes installed with […]
This paper is designed to demonstrate the common IIS web server security specifications in the form of a checklist that aids web masters or penetration testers to implement a secure web server infrastructure swiftly. It is mandatory for a web application to be duly full proof from vicious attacks […]
In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper etc. However, doing this hasn’t been quite straightforward always. We can also use Cycript to modify the behaviour of an […]
Writing optimized website code is considered to be one the most complicated tasks. Hence, this paper explores amazing server side configuration techniques and various improvements to boost-up your ASP.NET website’s performance through the Internet Information Web Server. Dot NET websites goes live to the internet via IIS web server […]
Released in September 2013, CryptoLocker is a ransomware program that targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. This trojan encrypts almost all files using a combination of RSA & AES encryption. When the encryption is over, it will display a CryptoLocker […]
Injection is a high-category vulnerability in web applications. Attackers and security auditors alike always try to find the kind of vulnerabilities which allow them to perform a command execution. There are a number of vulnerabilities in the category of command execution, and one of them is Server Side Includes […]
Information disclosure is considered to be a serious threat, wherein an application reveals too much sensitive information, such as mechanical details of the environment, web application, or user-specific data. Subtle data may be used by an attacker to exploit the target hosting network, web application, or its users. Therefore, […]
This paper especially pinpoints the poor practice of cryptography in URL, which is typically implemented to encrypt sensitive data residing in the website URL in the form of a query string that is transmitted across a variety of networks. Websites can be compromised and such subtle information (query string) […]
IOS Application Security Part 31 – The problem with using third party libraries for securing your apps
In this article, we will talk about why we shouldn’t completely rely on using third party libraries for securing our apps. Usually, some of the things we try to do in our application are adding checks to detect piracy, jailbroken device etc. It is such a pain to write […]