OWASP TOP 10 list is being constantly updated every 3 years to keep pace with the current threat landscape for web application security. Key factors in its evolution are advances made by attackers, the release of new technologies with new weaknesses, more built in defences, and the deployment of increasingly complex systems. On June 6, […]

The RBI constituted the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which produced its report in January 2011. The Working Group was headed by Mr. G. Gopalakrishna and is popularly known as the Gopalakrishna Committee Report. The presentation below highlights some of the salient points, with special emphasis on […]

Summary of the presentation and research done – By Hugo Teso According to Teso, there are two sub-parts when it comes to aviation systems and understanding them. Concorde airplane or the airplanes of  its time used to have all analog systems on-board and were highly isolated from the outside entities. Due to this there are […]

What is Fuzzing? Fuzz testing is a testing technique that provides malicious input to the application. Fuzz testing is crashes, assertion failures, and memory leaks when program fails to handle the malicious input. Fuzz testing identifies vulnerabilities which are severe in nature. The typical fuzzing checks the application for buffer overflow, format string vulnerability which […]

Code Analysis Tool (CAT.NET) is a binary source code analysis tool that helps in identifying common security flaws in managed code. These vulnerabilities are listed in the below table. Vulnerability Description Cross Site Scripting(XSS) XSS vulnerability allows an attacker to inject a malicious HTML Code or Scripts which gets executed in the Client’s browser. A successful XSS […]

In early 2012, a client contacted us with suspicious-looking emails that he had received. There were two emails received by the client. While we completed the investigation and submitted the report to the customer at that time, we never took the case forward. However, when the Norman Hangover report was published it rang a few […]

What is Memcache? Memcache is temporary data storage service which stores data in <key> :< value> format. It improves the overall performance of the website by storing chunks of data in a cache. Example Scenarios where memcache might be used If the application is having  some huge chunk of static data which needs to be […]

Summary: LinkedIn has a feature called Project wherein you can add project members from your connections. We were able to discover a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without […]

Understanding PCI DSS and PA DSS is crucial to the role of a penetration tester. Quoting the relevant PCI-DSS or PA-DSS control reference for your findings would help demonstrate the proper risk arising from common security findings such as support of older SSL versions, weak encryption when storing cardholder data, lack of proper logs from […]

  From the year 2012-2025 ICAO(International civil aviation organization) have decided to transform the present aviation environment by introducing new technology which will revolutionize present aviation industry. According to ICAO, the technology responsible to do so is named NextGen (Next Generation Air Transportation System), which is developed by the United States and will be mandatory […]