I wanted to celebrate this new year by giving something back to the community and so i am making my old Android Security Course content public. I used to run android security training which started with basics of android and evolved to pin pointed android pentesters specific pain point solving course. for the last 3 …
With all the hype and craze around HTTP/2 and various TLS Versions, there is one questions which appears every now and then. I am doing all this upgrading versions allowing new ciphers enabling https etc, but is anyone using them. Also with PCI mandate of closing TLS 1.0 and TLS 1.1 looming large, we need …
Monitoring HTTP and TLS Versions in use via Awstats Read More »
This post is about a vulnerability disclosure around DOM XSS which as forgotten somewhere during the process and i encountered it recently and then went on my way to get it fixed. This post outlines various learnings and observations i made during this effort.
This post discusses WordPress Comment XSS affecting version 4.2 or below. I have outlined the internal working of this specific XSS.
This post outlines my new tool which allows users to clone entire set of public repositories of a specific user or organization. This can also be used to create a backup of all repositories.
After a gap of 1 month finally releasing the droidcat application. DroidCAT application is developed as part of HaXdroiD project which is right now in closed tested status. Lets talk about DroidCat today. What is Cat-Droid? DroidCat is inspired by firecat and aims to be a one stop solution to finding all ethical hacking / …
DroidCAT – Android Application collection for Security professionals Read More »
Today i am releasing the paper which i presented recently at C0C0N conference at ernakulam. this paper outlines where security misconfiguration that can lead to device compromise, data theft and so on. Hope this helps in secure development and deployment of custom ROM’s. http://anantshri.info/articles/android_cust_rom_security.html The link contains download for both my slidepack as well as …
Whitepaper : Security Issues in Android Custom ROM's Read More »
Today I am presenting my work for past some days in form of a white paper. This white paper basically outlines the automated finger printing methods, techniques and ideas for prevention automated methods to work on your site. BTW those who are having wappalyzer on there browsers just enjoy visiting my Joomla Powered Website. 😀 …
White Paper : Web Application Finger Printing : Methods/Techniques and Prevention Read More »
During Recent days we have seen a phenomenal increase in usage of Google Chrome Browser, however Security Professionals are still looking at Firefox for there day to day life usage, the basic reason behind it is large set of firefox extensions backing it up, we have also custom builds like OWASP Mantra doing the round. …
Tips for Db Security Disclaimer : This post keeps in mind the web frontends and web applications based attacks on DB Servers in mind. Any Userid used for web application connectivity should be clipped to specific ip addresses that could be localhost in case of same server usage for Db and App server. If two …
Database protection Techniques : a different prespective Read More »