Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance the user experience. The underlying web service calls made by Silverlight are vulnerable, and it is important to map those vulnerabilities and create fixes.


Wireless networks are an extension of your organization's infrastructure perimeter and should be tested thoroughly. While wireless eases the job of networking and connecting computers, it also makes it easy for a hacker to get into the network over wireless signals. Hence an insecure wireless network poses a greater cyber security risk than a cable-based network.


Why is penetration testing of Java-based applications essential?

Java applets are a vital component in any software implementation when it comes to deploying a robust and versatile application system. Java creates pseudo-code to add a security layer; unfortunately, that is not sufficient in today's insecure world. Multiple attacks on data at rest and data in transit are applicable to Java-coded applications.

How do we pen-test Java apps?

Valency Networks security analysts use the following methods to perform vulnerability assessment and penetration testing of Java apps.

  • Intercept data in transit
  • Tamper with local storage
  • Dump memory
  • Inject dummy data

While data in transit can be intercepted using various tools, data at rest on local storage can also be tampered with and deciphered to gain user and application information. Most Java applet penetration testing is performed using manual methods, and a few tools are used merely to speed up the process. A memory dump of the Java runtime memory manager can reveal critical application information in terms of secure or non-secure backend calls. If the application is found vulnerable, injecting dummy data to penetrate the application database is tried too, which is a rather intrusive test.