More from Deepak Choudhary
Best Security Practices for Dealing With the Internet of Things
The Internet of Things is growing fast. McAfee sees the market for IP-connected hardware reaching 200 billion devices by the end of 2020. (See “A Guide to the Internet of Things” graphic, at the end of this post.) Given this widespread adoption, security should be a primary concern. The Dyn ...
Pentesters Can Take Advantage of Weakness in SAML
When penetration testers examine the security of applications, we employ a number of tools. We recently wrote about keeping track of browser options. Another protocol that we use to test is the Security Assertion Markup Language (SAML), a popular XML-based authentication information exchanger for implementing single sign-on (SSO) authentication. The ...
Pen Testers Need to Keep Track of Browser Options
Penetration testers searching for vulnerabilities always include cross-site scripting (XSS) attacks as one of their methods. Recently we observed an unusual XSS-related case that taught us something new. During an XSS-related test, we inserted the “<script>alert(1)</script>” payload as a GET request’s parameter and executed this command in Internet Explorer 11. ...
XML External Entity Injection Opens Door to Attacks, Theft
XML is a popular language for web developers, partially due to its software and hardware independence. Recently, however, XML security is under threat from XML external entity injection (XXE) attacks, a dangerous vulnerability in XML web applications. Even the most secure app, including those from Facebook and Google, can be ...
Boost Certificate Security With Android SSL Pinning
Certificate SSL pinning is an extra security layer in the SSL validation process for certificate authenticity. This process verifies that the certificate/key provided by the remote server exactly matches the one pinned on the client side. We have already discussed pinning in an earlier post. When an Android application uses ...
