Collaborate Disseminate
I’m reading Alice and Bob Learn Application Security and I came across this sentence:
To protect highly sensitive data, it is recommended that you flush
the memory when your program exits, logs out, or is otherwise ended.
Considering a w… Continue reading Flush the memory when the application is ended
From personal experience many mobile apps that I’ve tested don’t actively detect and discourage (with a warning) or even block the app from running on/in:
a rooted/jailbroken Android/iOS device
emulated environment
an end-of-life iOS or e… Continue reading Should mobile app developers actively prevent apps from running on outdated devices/rooted devices/emulators for security purposes?
I read the network+ and basic linux , a little java script(i reading), html, python
But whenever I read vulnerability
I dont understand
I dont know where to work on vulnerabilities, what tools to work with, or I dont know which vulnerabili… Continue reading i need help in the web application
Is it possible to edit and alter the capabilities of an app downloaded from an app store? For instance, could someone download Zoom and then manipulate it and change its functionality to be able to perform extraordinary tasks, such as read… Continue reading Is it possible to alter an established application’s functionality? [closed]
I’m playing with ModSecurity and need help. I’m trying to add a condition in the conf file where if there is specific header in the request then the SecRuleEngine should be On else it should be DetectionOnly. I tried the below condition in… Continue reading ModSecurity Condition Based Block Mode?
There are plenty of scammers trying to get access to my bank account. Usually they call me claiming they are from my bank’s fraud department, and try to convince my that there is a problem with my bank account and to protect my money I sho… Continue reading Bank scammer and banking app
May I have some guidance for a project I am working on?
These are the requirements:
A Dataset needs to be submitted in a .csv format, delimited by ‘|’
The Dataset needs to be submitted periodically (once per month)
There are ID columns in… Continue reading Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt
I’ve recently been made aware that this paid for app can store pictures to internal storage when received without even being read. Have I been mislead?
Does this pose a security threat and if so, to what degree?
I am developing an VPN app, currently on mobile app part (Flutter). I have done server backend side. Client side code is done too. VPN establishment is based on socket communication: Client sends it its own public key and my Server sends b… Continue reading How to trust clients when they can be reverse-engineered to expose keys/credentials? [duplicate]
The InfoSec team of the client I work with has mandated that any customer-facing application’s backend should not directly access the database for that application. They require we create another internal API that is not public and call th… Continue reading Is creating an internal API within a VPN a recommended practice for securing database access for customer-facing applications?