Collaborate Disseminate
I know results from Static Application Security Testing (SAST) can be false positives or real and it is up to the security analyst and developer to decide which vulnerability is real based on the scenario and context.
What is the relationship between HTTP response codes and successful execution of XSS attacks? For e.g I am using a commercial vulnerability scanner that reports XSS vulnerability found in a certain web page. It further descri… Continue reading What is the relationship between HTTP response codes and successful execution of XSS attacks?
Working on android malwares, i have faced many android malwares that typically contain urls which are bank phishing page. This type of malwares are growing in number so an automated detection system is really needed. The very… Continue reading Extract urls from obfuscated android malware
Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we invested significant time and expertise to create what … Continue reading Use our suite of Ethereum security tools
I am working on a project to identify the malicious apps. For that I need a dataset which has permissions(extracted statically) and APIs(extracted dynamically) used by each android app.
Thank you.
After the initial information gathering phase, it is possible in ZAP to export or list any dynamic content and the respective parameters in a structured way, i.e., excluding the any static content (images, html pages, etc.)? … Continue reading Zed Attack Proxy: enumerating dynamic contents and associated parameters