Tag: AppSec

Ctrl + Alt + Security

Forgot Password Vulnerability leads to Account Takeover

Hello all, recently I have found a “Forgot Password – Account Takeover” vulnerability in one of the famous mobile applications (the vulnerability is now fixed). Although this might not be a new finding or any miracle attack, I just wanted to share this because here I wanted to share how badly the forgot password functionality was…

security

Best Open Source Mobile Application Security Scanners

Below are some of the best open source mobile application security scanners: OWASP Zed Attack Proxy (ZAP): OWASP ZAP is one of the world’s most popular mobile app security testing tools; it is free to use and is actively maintained by hundreds of volunteers worldwide. OWASP ZAP helps in finding security vulnerabilities automatically in applications during the…

Pentesting Methods & Methodology

Secure Code Review, Vulnerability Assessment, Penetration Testing. Secure Code Review: pure-play white-box security testing; manual source code review with automated code scanning using industry-recognized tools; finds vulnerabilities earlier in the SDLC; less expensive to fix security vulnerabilities; covers the latest technologies/programming languages used by developers. Vulnerability Assessment: Pure Play Black Box Security…