runtime – WindowsTechs.com

Dynamic Application Security Testing (DAST) Scanner for Post Authentication [closed]

Posted on July 26, 2019 by Jshee

I am wondering if anyone know’s of a DAST Scanner than can either take in an authenticated request from somewhere like burp, OR some DAST software that takes username and password and then run DAST scans against the target.

I’ve used a t… Continue reading Dynamic Application Security Testing (DAST) Scanner for Post Authentication [closed]→

Frida for swift applications

Posted on April 11, 2019 by Vishal Singh

Is it possible to list the classes and methods available for the current screen through Frida at runtime?

Continue reading Frida for swift applications→

Strengthen Production Systems with Container Runtime Security

Posted on August 31, 2018 by David Bisson

Container security is not a unitary action but a multifaceted process. It involves securing the build environment using secure code control and other strategies. The procedure also necessitates securing containers’ contents via code analysis and … Continue reading Strengthen Production Systems with Container Runtime Security→

How to defend against this attack?

Posted on March 30, 2017 by Joël L.

Recently I’ve started to learn more about the way antivirus and other anti malware products work, and I realized that most of them mainly use 3 different techniques to detect and stop malware:

Signature-based detection
Heur… Continue reading How to defend against this attack?→

How to defend against a virus that hides the payload by encrypting it?

Posted on March 30, 2017 by Joël L.

Recently I’ve started to learn more about the way antivirus and other anti malware products work, and I realized that most of them mainly use 3 different techniques to detect and stop malware:

Signature-based detection
Heur… Continue reading How to defend against a virus that hides the payload by encrypting it?→

Runtitme Error page is being displayed for XSS or SQL injection payloads

Posted on March 22, 2017 by Sai Dutt Mekala

When I have manipulated the URI of an application with some SQL or XSS payloads I am able to see a runtime error page. Can we come to a conclusion that the application is vulnerable to SQL Injection or XSS attacks.

Please Su… Continue reading Runtitme Error page is being displayed for XSS or SQL injection payloads→

Are there any dynamic security analysis tools for Java?

Posted on February 4, 2017 by pasanbsb

There are some static security vulnerability testing tools available. But they require source code to analyse. But there are third party libraries which are closed source. How to test for their vulnerabilities when we integra… Continue reading Are there any dynamic security analysis tools for Java?→

Dynamic analysis of Swift application using Cycript or gdb

Posted on December 21, 2016 by Saurabh

I am doing analysis of a Swift iOS application. I am able to attach gdb or Cycript, but after that these tools are not able to do any method swizzling. I cant even call some method directly using Cycript, which is very easy in Objective C … Continue reading Dynamic analysis of Swift application using Cycript or gdb→

How does Cycript / Cydia Substrate hook into processes?

Posted on October 21, 2016 by Phoebus

I am currently doing some research on techniques about hooking mobile applications and came across some frameworks like Xposed (Android), Frida (Android and iOS) and Cycript (iOS).

The documentation about Xposed and Frida is… Continue reading How does Cycript / Cydia Substrate hook into processes?→

How to validate the integrity of a library at run time?

Posted on September 30, 2016 by Limit

I was looking at the FIPS certified version of OpenSSL and noticed that they need to execute an integrity check of the library every time it loads. As a result, the library needs to be loaded at a fixed base address to execut… Continue reading How to validate the integrity of a library at run time?→