Would you readily give your residential address to a stranger? No? Aren’t you extra cautious while opening an email from an unknown sender? Yes? Good! How about extending the same sense of protection to your smart phone while downloading apps? In both these instances, you are necessarily safeguarding your home and yourself from prying eyes.…
While providing consultancy on cyber security, I am often asked a question by bank’s senior IT management — Why our application VAPT should be different than any other application VAPT? Isn’t it just a web app after all? I really wish if that was true, but it is not. It is a misconstrued notion in…
I guess most of us know why a vulnerability assessment and penetration testing needs to be performed for web apps or mobile apps. Lately I had been asked by IT product development companies to put together the most critical drivers for this. I thought I would sum it up and share for benefit of everyone…
Did you know that a mobile application, on an average has 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways for hackers to get inside your phone. Scary, huh? Hackers can get into your mobile…
We all know that there are 3 distinct pillars of software testing – functional testing, security testing and performance testing. There are multiple tools out there, to make tester’s life easy. While these automations are a important, there are few lacuna that a tester should be aware of, and this is especially true in case…
Year 2018 was full of cyber-attacks and the most serious news was about well-orchestrated cyber-attacks on banking industry. No matter how much awareness is generated, unfortunately the banking industry seems to be waking up only upon hearing about an attack and becomes sluggish on cyber security. While providing consultancy to many banks, in different geographical…
Test cases for SQL Injection via ORM Sink What is an SQL injection? SQL injection (SQLi) is a major or one of the top OWASP application security weakness that allows attackers/hackers to inject, gain control in an application’s database and letting them access or delete data, change an application’s data-driven behaviour or flow, and do…
Steps: ⦁ I used a vulnerable website (⦁ http://testhtml5.vulnweb.com/#/popular) a)Pre-settings to be done b)Go to the vulnerable website: c) Do Forget password: ⦁ I have used Burpsuite to Intercept the data ⦁ Generated a request to generate new password ⦁ The request was using “Explicit XML entities” as we can see above in the screenshot.…
Basics of Vulnerability Assessment and Penetration testing As the number of web and mobile applications is increasing the cyber attacks are increasing everyday too. World statistics shows that more than 70% of the applications either have vulnerabilities which could be exploited by a hacker, or worse, those are already exploited. The data loses due to…
Scope of article Open source world loves Android operating system. It is surely a gift from google, that provides cutting edge and versatile mobile development platform. While there are tons of applications already running on multiple tablets and phones, little is known about the security of this platform. This article talks about the security model…
