AppSec Blog

Spot the Vuln - Price

Courage is the price that life exacts for granting peace. - Amelia Earhart

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability …


UI Spoofing Safari on the iPhone

This is the second in a series of guest posts from security researcher Nitesh Dhanjani. His first post was on Insecure Handling of URL Schemes in Apple's iOS. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Popular web browsers today do not allow …


Exchanging and sharing of assessment results

[Cross posted from SANS ISC] Penetration tests and vulnerability assessments are becoming more common across the whole industry, as organizations have found it necessary to prove a certain level of security for their infrastructure and applications. The need to exchange test result information is also increasing substantially. External parties ranging from business partners and clients to regulators may …


Weekly Roundup of Web Hacking Incidents

The following web hacking incidents were added to WHID in the past week:

- WHID 2010-216: DDoS: Myanmar attacks larger than those against Estonia and Georgia - http://bit.ly/cZBLWG
- WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website - http://bit.ly/dg9v6q
- WHID 2010-214: Attack cause Intuit Web-hosting service outage? - http://bit.ly/dn8yed
- WHID 2010-213: Cops: Hacker Posted Stolen …


Insecure Handling of URL Schemes in Apple's iOS

This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. In this article, I will discuss the security concerns I have regarding how URL Schemes are registered and invoked in iOS. URL Schemes, as Apple …