AppSec Blog: Tag - google

Password Tracking in Malicious iOS Apps

In this article, John Bielich and Khash Kiani introduce OAuth, and demonstrate one type of approach in which a malicious native client application can compromise sensitive end-user data. Earlier this year, Khash posted a paper entitled: "Four Attacks on OAuth - How to Secure Your OAuth Implementation" that introduced a common protocol flow, with specific … Continue reading Password Tracking in Malicious iOS Apps

Go Google Yourself

Regular spidering should be part of a web application's maintenance regiment. Of course, there are plenty of free and commercial tools to do it for you. Vulnerability scanners will typically come with a powerful spider function. On the other hand, public search engines like Google already do most of the work for you. In particular … Continue reading Go Google Yourself