When performing security (or regular) tests on Android applications, we sometimes need to emulate or fake mobile data or actions; making/receiving calls, sending SMS or setting the exact geo-location are some commands that can be done, using the Emulator Console.  Here are a few tricks that will help you through Android application testing using the…

Over recent years, new security standards have been set by the W3C, and implemented by browser vendors. The idea was to create a set of HTTP headers that developers could use in order to add a browser-based layer of security for their web applications. Indeed, many security problems can (or should) be remediated on the client…

In Net beans 8, during debugging (in my case, smali debugging), you cannot change char sequence variables, they are shown as read-only strings. An example of usage is Android text-elements (EditText) whose value is stored in Obj.mText.mText in a char sequence. The following screenshot, shows a Tree view, but you cannot change the field in…

Introduction to negative subtracting We all know about the negative subtracting issue. For example, if I transfer money to you, it is reduced from my account and added to your account. The code looks something like: Myaccount.value = myaccount.value – transfer.amount Youraccount.value = youraccount.value + transfer.amount Now, what happens if I transfer a negative value…

About Formula Injection Almost every website today provides social, financial or informative detail to the internet users. Websites that contain sensitive data about users, such as banks, social networks and online stores, restrict the access to private data by using access-control measures such as authentication, authorization encryption mechanisms and more. However, hackers are still able…

Google published the first version of Brillo, and as IoT researchers, the first thing that we want to do is to quickly compile and run it in order to get a feel for it, investigate it and learn as much as possible about the system… At the beginning of our work we made some assumptions,…

Penetration Test Vulnerabilities Manager is an extension for Burp Suite, written in Jython. It was developed by Barak Tawily in order to help application security professionals manage vulnerabilities Download from Github: https://github.com/Quitten/PT-Manager   Installation Download Burp Suite (obviously): http://portswigger.net/burp/download.html Download Jython standalone JAR (version >= 2.7): http://www.jython.org/downloads.html Open Burp -> Extender -> Options -> Python Environment…

OpenSSL is a widespread, open-source SSL protocol application and is widespread and used by numerous projects and organization for providing rapid, adaptable and “secure” solution. OpenSSL has recently reached headlines again, but on a bad note. As of late (the past two years or so), the older and current versions of SSL have suffered from…

Prologue: The following post was written and published by Checkmarx (link) on their website as part of a collaboration between AppSec Labs and Checkmarx. Originally published on May 26th, 2015 by Amit Ashbel.   Android…. It is no longer just a mobile phone. Nowadays Android applications are running anywhere and everywhere. Home Appliances, watches, TVs,…