Web App Vulnerability Scanning with OWASP ZAP

In this tutorial, I will describe the steps necessary for scanning your web application for vulnerabilities using the OWASP Zed Attack Proxy (ZAP). The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. According to OWASP, “The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.” I will be using a web application designed specifically to help us hone our pentesting skills in a


Spoofing Signature Permissions in Android

Intro: What if I told you that your signature could be successfully forged in a few simple steps? My guess is that you would instantly go from your current relaxed pose to that hunched one with the hawk-eyed stare. Signatures are synonymous with proof of authenticity in both the physical and digital worlds. It’s no different on the Android platform, which allows developers to define custom permissions to protect publicly available application components or features. There are 4 types of custom


Is Your Web App Caching Sensitive Data?

Users often visit the same web pages multiple times. Although some page contents might change, a lot of it stays the same. Browsers can cache (store) data so that unchanged web page information does not have to be downloaded again. This saves time and bandwidth. Imagine a web application that has secure pages protected by a login/authentication feature. After a user authenticates, that application could display sensitive data about the user such as address, credit card details, or username.


Hacking In-App Purchases: Exploitation & Protection

It is the ultimate free trial. With the increasing prevalence of in-app purchases and the freemium model (especially in the mobile universe), users get free access to apps or games and only pay for certain “cool” features or functionality. It seems to work well for both parties, the users and the developers. Developers get to spread the word about their new creation by lowering, and just about removing, the most common barrier to adoption: payment. Users, however, get to enjoy


My Google Hacking Adventure

Seeking Google Dorks: Inept or foolish people as revealed by Google, the Google Dorks. That’s the label used by Google Hackers to refer to persons who, through negligence or ignorance, leave very vulnerable websites/systems on the web. Google Hacking, a term created by Johnny Long, refers to “the process of using specially crafted, but otherwise legal, search queries to find security holes in web applications.” It has been said that popular hacker groups such as Anonymous and LulzSec use Google


Evaluating Near Duplicates in Twitter – Part 1

Introduction: Twitter has become a very popular microblogging tool used for the expression of views and to broadcast news or events. As people post to Twitter in real time, millions of microblogs (tweets) are generated every second for major events. Near-duplicate detection in Twitter is of increasing importance due to the primary role it plays in first story detection, spam detection, and many other clustering processes. In this blog series, we evaluate how different combinations of similarity measurement techniques,


More than Tools and Gadgets

What’s an Engineer without his/her tools and gadgets? You can hardly separate one from the other. In fact, you could ask any engineers you know about their childhood and you’ll get answers centred around the same theme: a childhood spent building things, tearing them down, figuring out how it all fit together, their plethora of tools never out of arm’s reach. Yes, I dare say an Engineer who isn’t crazy about tools really isn’t an Engineer at all. Yet, like


A Day of Software and Internet Bugs!

My day started innocuously enough. I had to meet with different product teams to check if any of their past or current projects included specific cryptographic packages. This was required for one of various research initiatives at the company and I didn’t attach much importance to it at the time. Afterwards, I spent some time analysing the communication between one of our Android products and its back end servers using the Burp Proxy Suite. Deep house was playing on my


How to Be a Developer and Have a Life

Sometimes the code just takes over. If you have ever written programming code, I’m almost certain that you understand what I mean. At times your code seems to take on a mind of its own as it usurps your independence of thought. You’re fixated on your screen, typing away frantically like your life depends on it, which it probably does. It’s at times like this that your code could cruise you to never-never land. This short post is aimed
