Domain-Driven Security
by Rohit Sethi and Yuk Fai Chan. The Problem: We have a pervasive problem in our field. We lump two disparate classes of security weakness together. Some articulate the difference as “business logic”...
Mobile Security for the Forgetful
Are you interested in mobile application security? Max Veytsman, a security consultant at Security Compass, will be speaking on this hot topic at the next OWASP Toronto chapter meeting. Come and check...
Bypassing Android’s Password Screen
This video demonstrates how to bypass the password screen on an Android device. If you lose your phone, someone who finds it can use this attack to get around the password you set. This attack requires a...
Weaponizing the Android Emulator (plus a new tool)
Today, we’re going to look at a scenario where the Android Emulator can be repurposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data...
Mobile Security Presentations from ToorCon and MISTI
Max Veytsman and Subu Ramanathan have just returned from presenting mobile security talks at ToorCon in San Diego and the MISTI Mobile and Smart Device Conference in Atlanta. The talks were entitled...
Bust a Cap in an Android App at SecTor 2011
Last Tuesday, Patrick Szeto and I presented “Bust a Cap in a Mobile App” at SecTor, our talk about pentesting Android applications. The slides are available here: Download PPT.
Wireless Gateway & Transparent Proxy for Mobile Security Assessments
Introduction: In a typical run-time web application security assessment, we often use an HTTP proxy to intercept and manipulate client-server traffic. For web applications, configuring browser settings...
Mobile Security Presentation from Cloud Seminar Day
Today, Yuk Fai Chan and I presented “Bust a Cap in a Mobile App” at the CTE Solutions Cloud Seminar Day. The abstract of the talk was: Enterprises realize the efficiency in which employees operate by...
Practical Tips for Wireless Security Assessments in Corporate Environments
When a wireless security assessment is performed, its goals typically include 1) identifying anomalies in the security configuration of the target organization’s wireless infrastructure, and 2)...