Collaborate Disseminate
I am working for a company where vulnerability assessment for infrastructure and applications are being done by different vendors. Sometimes I get confused that assessment should happen on the infrastructure or application side.
E.g. xyz … Continue reading How vulnerability assessment is different for application and infrastructure?
I am working for a company where vulnerability assessment for infrastructure and applications are being done by different vendors. Sometimes I get confused that assessment should happen on the infrastructure or application side.
E.g. xyz … Continue reading How vulnerability assessment is different for application and infrastructure?
I have given an app to test, on which I ran a quick scan in composition tool like Protecode, It shows all component (like okhttp, protobuf,okhttp etc.) used and existing vulnerability.
My question is, if I want to list all c… Continue reading How to check vulnerable component and its version in any APK?
Web application calling different API on its login success, Ex : Let’s say if the web app has 4 pages and all the 4 APIs are being called after login success.
If I drop 3 of 4 APIs request using burp, then what should be sho… Continue reading What should happen on web app UI when we drop request in Burp
I am testing a website and noticed that when I change the GET method of the API request to TRACE, it returns an error 405-Method not allowed in Burp repeater. That’s fine.
The problem is, lots of other information is also co… Continue reading Whats should be TRACE response of an API (if it is not allowed on server)?
I need to perform white box testing of android as well as server code.Please let us know which is the best plugin to find vulnerability in the code.
Thanks!
I am unable to capture packets of native android email app in burp suite but able to capture packets of chrome browser.
I have configured the proxy of my machine with burp port(8080) on the test device. I am not getting “how… Continue reading How to intercept packets of system apps in Android?
I am testing an android app which has DB encrypted (AES-256), I extracted it from system files /data/data//databases, I have following doubts,
How do we ensure that DB is encrypted properly and it is not crackable.
What too… Continue reading How to crack encrypted Android SQLite DB?
We need a backup of SMSes, apps, device settings, wallpapers and contacts of the device through our designed app.
So, is it possible for an attacker to spoof, tamper, impersonate source data (SMSes, device setting, contacts… Continue reading Can an attacker spoof content provider, backup manager or wallpaper manager in Android?
How to perform security testing on application like iCloud Backup and Restore features? Please share your scenarios and penetration testing tool to break encryption.Also if anyone can suggest the threat model, that will be gr… Continue reading How to perform security testing on application like iCloud Backup and Restore features?