As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.
According to the 2017 OWASP Top 10, XML External Entity (XXE) processing has taken the number spot for critical web application security risks.
Secure Socket Layers
Much of the following may be common knowledge to most, but many in IT and beyond misuse the term ‘SSL/TLS’ so a refresher can’t hurt.
An insecure implementation of the intent URL scheme revolves around the Intent.parseUri() method. The first thing we did when reversing the Mercury Browser..
VerSprite Research discovered the Baidu Browser for Android insecurely handles the intent URL scheme, allowing attackers to arbitrarily read local files…
In part two of this blog series, we will demonstrate iOS reverse engineering by using LLDB to perform basic debugging and message tracing.
Copyright 2018 VerSprite - All Rights Reserved