VAPT

Is that mobile app safe to use?

Would you readily give your residential address to a stranger? No? Aren’t you extra cautious while opening an email from an unknown sender? Yes? Good! How about extending the same sense of protection to your smartphone while downloading apps? In both these instances, you are necessarily safeguarding your home and yourself from prying eyes….


Mobile Apps: Owner’s Pride, Hacker’s Gain

Did you know that a mobile application has, on average, 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways for hackers to get inside your phone. Scary, huh? Hackers can get into your mobile…


Learnings From The Cyber Attacks on Banking Industry

The year 2018 was full of cyber-attacks, and the most serious news was about well-orchestrated cyber-attacks on the banking industry. No matter how much awareness is generated, the banking industry unfortunately seems to wake up only upon hearing about an attack and becomes sluggish on cyber security. While providing consultancy to many banks, in different geographical…


SQL Injection Attack Via ORM Sink

Test cases for SQL Injection via ORM Sink. What is an SQL injection? SQL injection (SQLi) is one of the top OWASP application security weaknesses. It allows attackers/hackers to inject into and gain control of an application’s database, letting them access or delete data, change an application’s data-driven behaviour or flow, and do…


XXE Attack using Burpsuite

Steps: I used a vulnerable website (http://testhtml5.vulnweb.com/#/popular). a) Pre-settings to be done; b) Go to the vulnerable website; c) Do Forget password. I have used Burpsuite to intercept the data. Generated a request to generate new password. The request was using “Explicit XML entities” as we can see above in the screenshot….


Basics of Vulnerability Assessment and Penetration Testing

As the number of web and mobile applications increases, cyber attacks are increasing every day too. World statistics show that more than 70% of the applications either have vulnerabilities which could be exploited by a hacker or, worse, have already been exploited. The data losses due to…