A Practical Guide to XXE Attack

Introduction to XML

XML (Extensible Mark-up Language) is used to create user-defined tags, unlike HTML, which consists of pre-defined tags. It is designed to describe data and focuses on what the data is. In the example below, XML is used to define email information using tags like <to>, <from>, <heading> and <body>: <?xml version='1.0' encoding='UTF-8'?> <note> <to>John</to>…

JAVA Secure Coding

Secure Coding Checklist – JAVA EE

This blog highlights different insecure coding practices seen in JAVA EE applications. It includes most of the OWASP Top 10 Vulnerabilities, giving their root causes and mitigation techniques. 1. Authentication (Insecure Coding Practices / Secure Coding Practices): Concatenated SQL queries for login validation. In most cases it is seen that user credentials, as retrieved from…

Mobile Application Security

How frameworks like Cordova leave an inherent security hole in Mobile Apps

Frameworks like Apache Cordova enable software programmers to build hybrid applications for mobile devices. The applications are built using CSS3, HTML5 and JavaScript, and are then wrapped inside a thin native container that provides access to native platform features. This lets programmers create cross-platform mobile applications that work on multiple devices. Though it is easier and more cost-effective to build such applications,…

Secure By Design

Why thinking security at an early development stage is extremely vital for Mobile Apps!

It is a commonly seen practice to perform security testing of applications during the QA stage, after their code has been developed. In all such cases, however, security bugs get uncovered at a late stage of development, and a great amount of rework is involved before the application release, thereby causing issues like delays, unverified security fixes,…