WhitePaper Release: Defense against Client-Side Attacks
NotSoSecure
by NotSoSecure
3y ago
TL;DR: A new WhitePaper released “https://insight.claranet.co.uk/cybersecurity/defense-against-client-side-attacks” to help attackers understand client-side attacks and for developers to understand how to mitigate them. In the modern era, the web exploitation world is obsessed with server-side attacks however the data now resides equally on server and client side. Developers focus on fixing server-side Read more The post WhitePaper Release: Defense against Client-Side Attacks appeared first on NotSoSecure ..read more
Visit website
Tool Release: Serialized Payload Generator
NotSoSecure
by NotSoSecure
3y ago
TL;DR: A new tool released https://github.com/NotSoSecure/SerializedPayloadGenerator/ to help with “Serialized Payload Generation” Serialization bugs have been making rounds across the internet. The exploitation of serialization bugs has grown in leaps and bounds in the last few years. We have been closely monitoring this area and addressing it in our pentests Read more The post Tool Release: Serialized Payload Generator appeared first on NotSoSecure ..read more
Visit website
Project Launch : Tracking Browser Security Enhancements
NotSoSecure
by NotSoSecure
3y ago
TL;DR: NotSoSecure is releasing a new project to track security enhancements or downgrades in browsers: https://notsosecure.github.io/browser-security-enhancements/ Introduction Our lives have been slowly moving from desktop applications to browser-based applications and browsers have become an integral part of our life. Current top browsers have a special focus on security and have Read more The post Project Launch : Tracking Browser Security Enhancements appeared first on NotSoSecure ..read more
Visit website
Flutter based Mac OSX Thick Client SSL Pinning Bypass
NotSoSecure
by Rohit Salecha
4y ago
During one of our recent thick client application penetration tests, Sanjay encountered a scenario where the application was built on top of a Flutter framework and had an SSL pinning check in one of the embedded libraries. Due to this check, the application provided an SSL pinning error when it was Read more The post Flutter based Mac OSX Thick Client SSL Pinning Bypass appeared first on NotSoSecure ..read more
Visit website
Let’s Cook ‘Compliance as Code’ with Chef InSpec
NotSoSecure
by Rohit Salecha
4y ago
Introduction The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was to move away from using tools, to learning to bake our own ‘code’. Of the many things required for an application or an environment to be production-ready, compliance is... Read More The post Let’s Cook ‘Compliance as Code’ with Chef InSpec appeared first on NotSoSecure ..read more
Visit website
Security Architecture Review Of A Cloud Native Environment
NotSoSecure
by Rohit Salecha
4y ago
Overview Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud, however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests... Read More The post Security Architecture Review Of A Cloud Native Environment appeared first on NotSoSecure ..read more
Visit website
Semgrep A Practical Introduction
NotSoSecure
by Rohit Salecha
4y ago
Static Application Security Testing or SAST is a testing methodology that analyses application source code to identify security vulnerabilities (such as, but not limited to, the Injection vulnerabilities, any Insecure Functions, Cryptographic Weaknesses and more). Typically, SAST includes both manual and automated testing techniques which complement each other. In this... Read More The post Semgrep A Practical Introduction appeared first on NotSoSecure ..read more
Visit website
Continuous Security Monitoring using ModSecurity & ELK
NotSoSecure
by Rohit Salecha
4y ago
Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as a part of a project. In this blog post, Anand Tiwari will talk about his experience and challenges faced while setting up one such monitoring and alerting system.   Insufficient Logging and Monitoring In 2017, OWASP introduced... Read More The post Continuous Security Monitoring using ModSecurity & ELK appeared first on NotSoSecure ..read more
Visit website
Exploiting VLAN Double Tagging
NotSoSecure
by Dhruv
4y ago
We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them showcase a weaponized attack. In this blog Amish Patadiya will use VLAN double tagging... Read More The post Exploiting VLAN Double Tagging appeared first on NotSoSecure ..read more
Visit website
Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension
NotSoSecure
by Dhruv
4y ago
During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of HTTP request content based on session-specific CSRF tokens. Any modification... Read More The post Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension appeared first on NotSoSecure ..read more
Visit website

Follow NotSoSecure on FeedSpot

Continue with Google
Continue with Apple
OR