Mobile Application Security Assessment – Proxying for Windows Phone
While conducting mobile application security assessment of Windows Phone capturing application traffic will allow penetration tester to modify the traffic and analyze the responses from…
CSRF Vulnerability on LinkedIn
In previous blog we have seen a critical vulnerability in LinkedIn password reset module allowing an attackers to compromise LinkedIn user’s account and how helpless…
Better Secure Than Sorry! Neglected, Assumed and Hence Vulnerable Menace: Password Attacks
On July 16, 1998, CERT reported an incident where an attacker had found 186,126 encrypted passwords. By the time they were discovered, they had already…
How secure is my LinkedIn account ?
LinkedIn is a business-oriented Social networking service. One purpose of the sites is to allow registered users to maintain a list of contact details of…
Social Engineering and How It Helped Us Find A Mole
Social Engineering is essentially the art of influencing some person into doing things that he may or may not do willingly. It is not a concept…
Bug Bounty : An Introduction
What exactly is Bug Bounty ? In the Wild West, when outlaws roamed the land, local sheriffs did not have the resources to track them…
Insecure URL redirection in Google+
Our team identified a vulnerability in Google+ (Google Plus) service which can be used to perform malicious insecure URL redirection in google+. It was possible…
Proxying HTTP/HTTPS traffic on android
Proxying HTTP/HTTPS traffic on android – There are several stages to perform thorough penetration testing on android based application including but not limited to Authentication,…
Hacking Google account through Locked Android Devices
Hacking Google account through Locked Android Devices Varutra revealed an issue in the text message notification implementation of Google’s Android operating system which may lead…