How to increase ROI from Vulnerability Management programs?

It is important to implement a robust Vulnerability Management (VM) program with the aim of keeping the organization's IT infrastructure protected from existing and emerging security threats. The program should not only identify security vulnerabilities, but also establish a process for planning and controlling the risks effectively within desired…

A Practical Guide to XXE Attack

Introduction to XML

XML (Extensible Markup Language) is used to create user-defined tags, unlike HTML, which consists of pre-defined tags. It is designed to describe data and focuses on what the data is. In the example below, XML is used to define email information using tags like <to>, <from>, <heading> and <body>:

<?xml version='1.0' encoding='UTF-8'?> <note> <to>John</to>…

JAVA Secure Coding

Secure Coding Checklist – JAVA EE

This blog highlights different insecure coding practices seen in JAVA EE applications. It covers most of the OWASP Top 10 vulnerabilities, giving their root causes and mitigation techniques.

1. Authentication

Insecure Coding Practices | Secure Coding Practices

Concatenated SQL queries for login validation. In most cases it is seen that user credentials, as retrieved from…

How to prevent XSS in ASP.NET Applications

Cross-site scripting (XSS) is one of the highest-rated web attacks. In this blog, we will focus on the root cause of this attack in ASP.NET based applications, and on why some existing controls fail to prevent it. To understand the subject, we will take the case of a search feature. Here the application accepts search keywords…

Mobile Application Security

How frameworks like Cordova leave an inherent security hole in Mobile Apps

Frameworks like Apache Cordova enable software programmers to build hybrid applications for mobile devices. The applications are built using CSS3, HTML5 and JavaScript, and are then wrapped inside a thin native container that provides access to native platform features. This allows programmers to create cross-platform mobile applications that work on multiple devices. Though it is easier and more cost-effective to build such applications,…

ChatBot Security

Decoding Chatbot Security

A chatbot is an automated service that operates with rules and artificial intelligence to interact with users through a chat interface. Here are a few examples of chatbots:

Weather bot: gives weather information
Grocery bot: helps in making decisions about grocery items
News bot: gives news updates

There are two types of chatbots: Chatbots that…

Reverse Engineering Android App

Tweaking Android Code!

Android applications are bundled in the “apk” format. All the Android source code files are compiled and converted into a compressed “dex” file, viz. classes.dex. In order to retrieve the Android source files we must go in the reverse order (dex to jar to Java, and then back to dex). The entire process is explained in…