Shiv Sahni – WindowsTechs.com

iOS Security Architecture-Encryption Keys

Posted on March 23, 2019 by Shiv Sahni

As per iOS Security 12.1 documentation(Page-15), there are individual UID and GID for each processing unit i.e AP(Application Processor) and Secure Enclave.

The application processor and Secure Enclave each have their own… Continue reading iOS Security Architecture-Encryption Keys→

Vulnerabilites in Maven Test Code

Posted on August 21, 2018 by Shiv Sahni

While performing the secure code review on the Java Spring Boot application, I identified certain security issues in the test source of the Maven project(src/test/java). For example, usage of the insecure crypto algorithm, ha… Continue reading Vulnerabilites in Maven Test Code→

How to penetrate into AWS Infrastructure?

Posted on June 17, 2018 by Shiv Sahni

While performing a penetration test on a web application, I was able to exploit a vulnerability which gave me access to all the server side source code. While analysing the source code, I found some juicy information such as … Continue reading How to penetrate into AWS Infrastructure?→

How SSL/TLS handshake happens when we use Cloudflare Service?

Posted on May 27, 2018 by Shiv Sahni

I was reading about the offerings of the Cloudflare and then I read about the working of Cloudflare.
Based on my understanding, the domain name of my website(alice.com) is resolved to the IP address of Cloudflare Data Center … Continue reading How SSL/TLS handshake happens when we use Cloudflare Service?→

Identification of TLS POODLE Vulnerability

Posted on April 28, 2018 by Shiv Sahni

How can I identify whether the remote server is vulnerable to TLS POODLE vulnerability? Although, there are online scanners such as Qualys SSL Labs. As per my understanding, these online scanners do not work on custom ports such as 8086, 8… Continue reading Identification of TLS POODLE Vulnerability→

APKTool: Issue in Rebuilding Android Application Built on Latest targetSdkVersion

Posted on March 1, 2018 by Shiv Sahni

During the security assessment of the Android applications. I check if the application is tamper proof.
For this, I decompile the application using apktool and then tamper it by modifying the resources and/or SMALI code and t… Continue reading APKTool: Issue in Rebuilding Android Application Built on Latest targetSdkVersion→

How to Check Compilation Options For SO File – Android Application VA

Posted on September 24, 2017 by Shiv Sahni

During the security assessment of Android applications, I have encountered multiple instances where .so (Shared Objects) files are present in lib directory.
What can be possible security test cases for the same.

I have one … Continue reading How to Check Compilation Options For SO File – Android Application VA→

HTTP security headers for native and webview based mobile applications

Posted on September 24, 2017 by Shiv Sahni

OWASP Security Headers Project recommends the following security headers for web applications. Out of the following which headers are relevant to mobile applications?

HTTP Strict Transport Security (HSTS)
Public Key Pinning … Continue reading HTTP security headers for native and webview based mobile applications→