Prateek Gianchandani

Prateek Gianchandani, a recent IIT graduate, has interests in the field of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups.

You can contact him at and on twitter @prateekg147 or you can visit his personal website at

Hacking web authentication - part one

Authentication is the process of validating something as authentic. When a client makes a request to a web server for accessing a resource, sometimes the web

iOS application security part 47 — Inspecting apps with Frida

In this article, we will talk about Frida. Frida is a dynamic instrumentation toolkit which can prove to be extremely useful in iOS application assessments.

DNS hacking (beginner to advanced)

DNS is a naming system for computers that converts human-readable domain names e.g. ( into computer-readable IP-addresses. However, some

App Transport Security

One of the most common misconfiguration issues that I find during testing iOS apps is the bypass of the App Transport Security feature introduced by Apple in

Developing Secure Java Code - Best Practices for a Team

The following whitepaper shall introduce to us the basic practices to be followed to write secure Java code. The following topics are touched on- general cod

Enhancements in Damn Vulnerable iOS app version 2.0

In this article, I would like to give a quick walkthrough of the new vulnerabilities and challenges that we have added in version 2.0 of Damn Vulnerable iOS

Bypassing Jailbreak Detection Using Xcon

In this small article, we will look at a very handy utility named Xcon for bypassing Jailbreak detection. As per the wiki page ... xCon is a collaborative

iOS Application Security Part 42 - LLDB Usage continued

In this article, we will look at some of the most important commands in LLDB to debug applications. If you have been following this blog series, you would ha

iOS Application Security Part 41 - Debugging applications using LLDB

In this article we will learn about the LLDB debugger used by Apple's Xcode for debugging applications, understand why it is better for security testing, and

iOS Application Security Part 40 - Testing apps on your Mac

In this article, we will discuss the extent to which you can test applications on your Mac rather than the device. This could be useful for many reasons, som

Android Application hacking with Insecure Bank Part 4

In this article, we will look at a very handy framework for analysis of Android applications named Drozer. Drozer is a very useful tool as it eliminates the

Android Application hacking with Insecure Bank - Part 3

In this article, we will look at attacking components in Android applications, starting with activities. But first, it is essential to understand what Androi