Previous blog posts you might have missed, and may want to read first for background: Part 1: Intro; Part 2: Translating APKs. The OWASP Mobile Application Security Verification Standard (MASVS) classifies the flaw explained in this blog post under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …
If you missed Hacking Mandated Apps – Part 1: Intro, please start there for background 🙂 Translating APKs in beautiful exotic languages: As explained in the intro, the team did not get access to the source code of the app. We had to first retrieve the APK from a Korean APK download service, decompile it and then …
NOTE: This was all coordinated work with human rights activists; the vulnerabilities were reported, the findings are public, and the talk (below) was given! 🙂 Is monitoring your children something your country’s government asks you to do? Do you feel you need the government’s help to parent your child, technologically? What if I told you there is a country that forced its …
With so many automated tools around, it is no wonder that many organizations choose to automate some aspects of security testing. There is value in doing this, especially for fuzzing supervised by humans, or for automated dynamic or static analysis to catch suspicious or low-hanging-fruit vulnerabilities early in the development …
This post is a continuation of How to Write a Winning Proposal, Lessons from Mohit Sharma For Business & GSoC [1/2], so if you missed that, start there. 🙂 This is by far one of the finest proposals OWASP OWTF has received for GSoC. I hope you find these tips useful and, most importantly, that they help you …
As a mentor of OWASP OWTF (one of the OWASP Flagship projects), I am often asked for advice on putting together a great GSoC proposal: how to write a winning proposal, one that has the best chance of acceptance. In this blog post I will share a number of tips, including examples from Mohit Sharma, …
Yes folks, it is that time again: a new release of the Offensive Web Testing Framework, OWASP OWTF, one of several OWASP Flagship projects. We find OWTF most useful in large assessments where you have little time to evaluate a large number of targets. The ability to launch plugins selectively and dynamically, as well as removing work …
It has been a long wait, but finally, OWTF 2.0a “Tikka Masala” is here! Although partly a tribute to delicious Indian food, this release is especially dedicated to all those hard-working Indian contributors who have continuously demonstrated their passion, professionalism, brainpower and incredible performance, without which OWTF would not be the awesome tool it …
REMINDER: We just released OWTF 1.0 “Lionheart”. Please try it and give us feedback! NOTE: This blog post is a guest post by Marios Kourtesis, who authored one of the sexiest GSoC 2014 projects this year: WAF Bypasser, an epic joint venture between two OWASP projects, OWASP ByWaf and OWASP OWTF. NOTE: WAF Bypasser is a tool that can be used …
REMINDER: We just released OWTF 1.0 “Lionheart”. Please try it and give us feedback! NOTE: This blog post is a guest post by Deep ‘dscarson’ Shah, who authored one of the most amazing GSoC 2014 projects this year: Zest support and ZAP integration. And with that, a big welcome and THANK YOU to Deep! OWASP OWTF – Zest support and ZAP …