Pentest Archives - 7ASecurity Blog https://7asecurity.com/blog/ Helping you secure apps and websites Wed, 26 Mar 2025 08:54:19 +0000 en-US hourly 1 https://7asecurity.com/blog/contents/uploads/2019/06/favicon.ico Pentest Archives - 7ASecurity Blog https://7asecurity.com/blog/ 32 32 7ASecurity completes CoverDrop Audit https://7asecurity.com/blog/2024/06/7asecurity-completes-coverdrop-audit/ Wed, 12 Jun 2024 09:46:20 +0000 About CoverDrop Whistleblowers need a secure method to initiate contact and build trust with journalists. Existing tools often cater to later-stage correspondence, leaving crucial, early touch-points vulnerable to surveillance. In addition, many of these tools are difficult to find on newspaper websites, hard to use securely, and offer insufficient user guidance. After conducting workshops with …

The post 7ASecurity completes CoverDrop Audit appeared first on 7ASecurity Blog.

]]>
7ASecurity Completes Bridgefy Audit https://7asecurity.com/blog/2023/07/bridgefy-audit/ Mon, 31 Jul 2023 11:04:27 +0000 7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …

The post 7ASecurity Completes Bridgefy Audit appeared first on 7ASecurity Blog.

]]>
7ASecurity Completes ArgoVPN Audit https://7asecurity.com/blog/2023/07/argovpn-audit/ Fri, 28 Jul 2023 09:21:57 +0000 This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with an unlimited bandwidth that is developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …

The post 7ASecurity Completes ArgoVPN Audit appeared first on 7ASecurity Blog.

]]>
XMPP MitM attack via PLAIN mechanism https://7asecurity.com/blog/2023/06/xmpp-mitm-attack/ Thu, 08 Jun 2023 08:48:00 +0000 Are you testing MitM of an old protocol that starts using clear-text communications?You should consider spoofing server replies with some downgrade attack! This old trick still works sometimes against protocols that like:XMPP, SMTP, POP3 and others Let’s illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …

The post XMPP MitM attack via PLAIN mechanism appeared first on 7ASecurity Blog.

]]>