Bourne Again Shell (Bash) Remote Code Execution Vulnerability
Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability […]
Category: Secure Coding
LinkedIn Cross-Site-Scripting (XSS) & Content Spoofing Vulnerability
Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: […]
Owning The Enterprise With HTTP PUT
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled […]
From SQL Injection To 0wnage Using SQLMap
SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 […]
SSL/TLS attacks: Part 3 – BREACH Attack
Browser Reconnaissance and Ex-filtration via Adaptive Compression of Hypertext (BREACH) Attack: Previously we learnt how CRIME attacks SSL/TLS using SSL/TLS […]
SSL/TLS attacks: Part 2 – CRIME Attack
Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the Chosen Plain-text attack was used […]
SSL/TLS attacks: Part 1 – BEAST Attack
Recently there has been a lot of news about a new SSL/TLS based attacks which was demonstrated in this year’s […]
LinkedIn Authorization Bypass Vulnerability To Send Messages
Overview: In this following test, I wanted to see whether I was able to view personal details of some other […]
Gone in 60s Malware Analysis Report
It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took this case to investigate further as an interesting research.
[Survey] Web Application Security – Getting Coders To Code Securely
Web Application security has become the biggest concern for almost all organizations who wish to bring their business to the […]