Secure Coding Checklist – JAVA EE

This blog highlights different insecure coding practices seen in JAVA EE applications. It covers most of the OWASP Top 10 vulnerabilities, giving their root causes and mitigation techniques. 1. Authentication. Insecure Coding Practices / Secure Coding Practices: Concatenated SQL queries for login validation. In most cases it is seen that user credentials, as retrieved from…

How to prevent XSS in ASP.NET Applications

Cross-site scripting is one of the highest-rated web attacks. In this blog, we will focus on the root cause of this attack in ASP.NET based applications, and on why some existing controls fail to prevent it. To understand the subject we will take the case of a search feature. Here the application accepts search keywords…

How frameworks like Cordova leave an inherent security hole in Mobile Apps

Frameworks like Apache Cordova enable software programmers to build hybrid applications for mobile devices. The applications are built using CSS3, HTML5, and JavaScript, which are then wrapped inside a thin native container that provides access to native platform features. This lets programmers create cross-platform mobile applications that work on multiple devices. Though it is easier and more cost-effective to build such applications,…

Decoding Chatbot Security

A chatbot is an automated service that uses rules and artificial intelligence to interact with users through a chat interface. Here are a few examples of chatbots: a weather bot gives weather information; a grocery bot helps in deciding on grocery items; a news bot gives news updates. There are two types of chatbots: chatbots that…

Tweaking Android Code!

Android applications are bundled in the “apk” format. All the Android source code files are compiled and converted into a compressed “dex” file, viz. classes.dex. In order to retrieve the Android source files we must go in the reverse order (dex to jar to java, and then back to dex). The entire process is explained in…