Category: Secure Coding

Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability […]

Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: […]

During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled […]

SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 […]

Browser Reconnaissance and Ex-filtration via Adaptive Compression of Hypertext (BREACH) Attack: Previously we learnt how CRIME attacks SSL/TLS using SSL/TLS […]

Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the Chosen Plain-text attack was used […]

Recently there has been a lot of news about a new SSL/TLS based attacks which was demonstrated in this year’s […]

Overview: In this following test, I wanted to see whether I was able to view personal details of some other […]

It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took this case to investigate further as an interesting research.

Web Application security has become the biggest concern for almost all organizations who wish to bring their business to the […]