Is that mobile app safe to use?

Would you readily give your residential address to a stranger? No? Aren’t you extra cautious while opening an email from an unknown sender? Yes? Good! How about extending the same sense of protection to your smartphone while downloading apps? In both these instances, you are necessarily safeguarding your home and yourself from prying eyes.…

Mobile Apps: Owner’s Pride, Hacker’s Gain

Did you know that a mobile application, on average, has 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways for hackers to get inside your phone. Scary, huh? Hackers can get into your mobile…

Vulnerability Assessment – Automated v/s Manual Testing

We all know that there are 3 distinct pillars of software testing – functional testing, security testing and performance testing. There are multiple tools out there to make a tester’s life easier. While these automated tools are important, there are a few lacunae that a tester should be aware of, and this is especially true in the case…

Learnings From The Cyber Attacks on Banking Industry

The year 2018 was full of cyber-attacks, and the most serious news was about well-orchestrated cyber-attacks on the banking industry. No matter how much awareness is generated, unfortunately the banking industry seems to wake up only upon hearing about an attack and otherwise remains sluggish on cyber security. While providing consultancy to many banks, in different geographical…

SQL Injection Attack Via ORM Sink

Test cases for SQL Injection via ORM Sink. What is an SQL injection? SQL injection (SQLi) is one of the top OWASP application security weaknesses. It allows attackers to inject into and gain control of an application’s database, letting them access or delete data, change an application’s data-driven behaviour or flow, and do…

XXE Attack using Burpsuite

Steps: ⦁ I used a vulnerable website (http://testhtml5.vulnweb.com/#/popular) a) Pre-settings to be done b) Go to the vulnerable website: c) Do Forget password: ⦁ I have used Burpsuite to intercept the data ⦁ Generated a request to generate a new password ⦁ The request was using “Explicit XML entities”, as we can see above in the screenshot.…

Basics of Vulnerability Assessment and Penetration Testing

Basics of Vulnerability Assessment and Penetration Testing. As the number of web and mobile applications increases, cyber attacks are increasing every day too. World statistics show that more than 70% of applications either have vulnerabilities which could be exploited by a hacker or, worse, have already been exploited. The data losses due to…

Android Security Risks

Scope of article: The open source world loves the Android operating system. It is surely a gift from Google that provides a cutting-edge and versatile mobile development platform. While there are tons of applications already running on multiple tablets and phones, little is known about the security of this platform. This article talks about the security model…