DEfO is developing an implementation of the Encrypted ClientHello (ECH) mechanism for OpenSSL. This effectively closes a privacy loophole in the Transport Layer Security protocol. Project Overview The DEfO project is developing an implementation of the encrypted ClientHello (ECH) mechanism for OpenSSL, which is a widely used library that provides an implementation of the Transport …
We are thrilled to announce the return of the Free Pentest Contest for 2023: This is your chance to win a complimentary, professional pentest and fortify your defenses against cyber threats 100% for free, no strings attached. In short: The winner gets a 100% free pentest, with no less than the usual quality of our …
Compliance, Free Fix Verification, Free Free Pentest Contest, Free Pentest, ISO 27001, Mobile Application Security, Network Security, OWASP Top 10, Penetration Testing, Quality Guarantee, SOC2, Web Application Security
7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …
Android, Bridgefy, cloud, Cloud Audit, iOS, messaging app, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Application Security Verification Standard, OWASP Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, Web Security
This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with unlimited bandwidth, developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …
Android, ArgoVPN, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, VPN
7ASecurity had the privilege to collaborate with the Open Source Technology Improvement Fund (OSTIF), as well as the K-9 Mail and Thunderbird teams at Mozilla, in a recent security audit of the Mozilla K-9 Mail application. What is K-9 Mail? K-9 Mail is an open source email application that runs on most Android devices. Ideally, the application is reliable, intuitive and secure …
Android, K-9 Mail, Mobile Application Security, Mobile Security, Mozilla, Network Security, OSTIF, OWASP Top 10, Penetration Testing, Security News, Thunderbird, Web Application Security
Get 50% off and become a cybersecurity ninja without breaking the bank. Seize the Summer Sale on all 7Asecurity Self-Paced Courses! Ready to level up your hacking skills? Visit our store https://store.7asecurity.com/discount/SUMMER50 and unlock a 50% Discount with Code SUMMER50: Enjoy Lifetime Access, access to all future updates, Lab Slides & PDFs, and Video Recordings! …
cybersecurity, hacking, Hacking courses, Mobile Application Security, Network Security, OWASP Top 10, Penetration Testing, sale, Security Training, Training, Web Application Security
Are you testing MitM of an old protocol that starts using clear-text communications? You should consider spoofing server replies with some downgrade attack! This old trick still works sometimes against protocols like XMPP, SMTP, POP3 and others. Let’s illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …
Do you have doubts about the security of your applications and systems? This is not just necessary for compliance such as ISO 27001 or SOC2: As attackers continue to develop new methods to exploit vulnerabilities, it’s crucial to keep up with the game. At 7ASecurity, we offer penetration testing services to help you stay ahead …
This blog post summarizes a whitebox security review conducted by 7ASecurity (an OTF Red Team Lab partner) against the minivpn OpenVPN implementation. What is minivpn OpenVPN? minivpn is a minimalistic OpenVPN implementation in Go (an open source programming language) that eliminates privilege escalation attacks by design, as it runs with the permissions of the regular user. …