Pentest Diaries – Negative Transfers and Android eWallets don’t Mix

eWallets, or digital wallets, are becoming ever more popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security of such a system is not only interesting, but potentially, […]


Hunting for XXE in Uber using Acunetix AcuMonitor

XML External Entity (XXE) vulnerabilities are attacks in which an attacker abuses an application that parses XML. The attack occurs against an XML parser which has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely used, typically automatically enabled feature in many XML parsers which […]


In the headlines: LastPass vulnerability, Hillary Leaks, remote code execution vuln on Pornhub, and more

LastPass password manager vulnerability gives hackers your passwords. LastPass is one of the most popular password managers around and can also be added to your browser, allowing you to store and auto-fill all your passwords, using just one master password to access them. So, worryingly, a recently discovered zero-day allows attackers to remotely […]


4 Tips to kickstart your web application security effort

Securing web applications is not an easy task, especially when the application is constantly changing and business-critical. Identifying where to start can be overwhelming, especially if you’re just dipping your toes into web application security. Here are four tips to help you get started. 1. Know your target. This is one of the most important, […]


Securing MySQL Server on Ubuntu 16.04 LTS – Configuring MySQL Securely, Part 2

In part 1 of this series, we looked at installing MySQL Server on Ubuntu 16.04 LTS. In this second part, we will be looking at configuring MySQL securely. Configuration: we will start off with the most common settings by opening the default MySQL configuration file using the nano text editor: secuser@secureserver:/# sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf User MySQL […]
