1. Introduction to the Problem
Crypton is an open-source project provided by SpiderOak with the purpose of solving privacy and security problems through cloud applications. Before introducing the solution, we must first talk about the problem. The main problem with cloud-based applications is that the user’s data is stored in […]
In this article, we will look at how we can use a feature in iOS named URL schemes to exploit an application. URL schemes are used by applications to communicate with each other. Every application can register for a particular URL scheme. For example, the Damn Vulnerable iOS application […]
The first volume of this series addressed the hypothesis of the secure socket layer (SSL) in the context of .NET based websites. We have obtained a thorough understanding about SSL internals, such as how they work, the role of digital certificates, and the advantages of SSL implementation on ASP.NET […]
Securing cookies is an important subject. Think about an authentication cookie. When the attacker is able to grab this cookie, he can impersonate the user. This article describes HttpOnly and secure flags that can enhance security of cookies.
2. HTTP, HTTPS and secure Flag
When HTTP protocol is used, the […]
This challenge includes a web application generally designed for image hosting. The application has a few vulnerabilities. The challenge is to exploit the application’s vulnerability and find the hidden message for a date arrangement that Bob sent to Alice.
Host the virtual machine and let’s start by identifying the target […]
In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrote to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. […]
Users of web applications are recognized by session IDs. That’s why it’s obvious that session management is an important subject. Session management flaws are related to weaknesses in the following categories:
- Generation of session IDs (think about the session IDs that can be predicted)
- Life cycle of session […]
Android is a Linux kernel-based mobile platform that has been popular throughout its existence on a huge variety of devices, especially smartphones. Most organizations, ranging from banking to telecom companies, have also come up with their apps for Android. Just like generic web applications, these mobile applications need […]
Automated tools are used to carry out many security attacks against online services. There are different protection mechanisms to narrow down such attacks and one such mechanism is the usage of CAPTCHA. CAPTCHA or Completely Automated Public Turing test to tell Computers and Humans Apart is a mechanism adopted […]
This article covers the complete life cycle of building a custom interactive C# compiler, much like the existing CSC.exe. Such a custom interactive C# compiler may be hard to imagine, but it could be constructed by employing C# APIs of the open source […]
In this article we will look at an example of Insecure or Broken Cryptography, which is a common vulnerability found in most iOS applications. This vulnerability occurs when the data stored on the device is not encrypted properly, thereby allowing a malicious user to gain access to that information. […]
In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an iOS application and modify its implementation. Patching an application has the specific advantage that once a change has been made, it is permanent. However, if you look back […]
In this article we will look at how we can set up a mobile pentesting platform on our device with the new iOS 7 jailbreak. There has been quite a lot of discussion on the web about whether it is safe for a user to jailbreak their devices yet. […]
Sensitive Data Exposure
A web application is vulnerable if it does not encrypt sensitive information such as passwords, bank details, and personal user information in its data storage or database. A strong encryption algorithm and salted hashing techniques should be used to store sensitive user information. And the sensitive information between […]
SQL injection occurs when a user sends malicious data to an interpreter as an SQL query. The attacker sends simple text-based attacks that exploit the targeted interpreter. An attack with an SQL string in it can be used to bypass authentication of data from database tables. It can […]
Introduction to Java
Java technology is widely used. The questions arise: What is Java? Where is it used?
Java is a programming language. It is used to make web applications, mobile applications, desktop applications, and so on.
Why Is Java used?
Java has certain advanced features over other programming languages that make it […]
Interoperability Between JVM & CLR
The real concept driving this article is to develop solutions using the .NET or Java Framework that interoperate with heterogeneous systems or even mutually communicate with each other. The Java Virtual Machine (JVM) exposes the Java Native Interface (JNI), which allows other programs to control JVM […]
In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing the complete implementation using GDB. All of these things have been done to serve a purpose, which is to make […]
In this article, we will look at some of the best practices an iOS developer should follow in order to make sure that their application is not easily exploitable by hackers.
Local Data Storage
It is extremely important for developers to know what kind of data they should be storing locally […]
This article illustrates these contents in detail:
The .NET Application
Obfuscated Code Analysis
MSIL Code Analysis
The purpose of this paper is to demystify the .NET assembly obfuscation as a way to deter reverse engineering. The primary concern for organizations is typically protecting their source code (as intellectual property) from reverse […]