Vaadata’s Blog - Website and mobile app security

Technical July 22, 2024

Account Takeover Techniques and Security Best Practices

Account takeover is a common practice that threatens the security of users and their data. The impact on victims depends on the type of account targeted. It can be minor if it’s a customer loyalty account but becomes critical for a corporate administrator account.

Attacks use a variety of techniques, often based on large-scale campaigns to steal as many credentials as possible. However, there are also application vulnerabilities enabling more targeted account takeover. The presence of these vulnerabilities represents a major risk for companies, especially if an administrator account is compromised.

Solutions July 19, 2024

SAML: How it Works, Vulnerabilities and Common Attacks

Secure identity and access management has become a key challenge for organisations. Among the solutions available, Security Assertion Markup Language (SAML) has become an essential standard for single sign-on (SSO).

This XML-based protocol enables users to authenticate once and access multiple applications without having to log in again, simplifying the user experience. However, if poorly implemented, critical vulnerabilities can be exploited.

Technical July 8, 2024

Understanding NTLM Authentication and NTLM Relay Attacks

In an office environment, user workstations generally use Windows operating systems and therefore authenticate using protocols developed by Microsoft.

And to centralise authentication management, Microsoft provides its Active Directory (AD), which is based on the Kerberos protocol. However, some machines do not implement this protocol and some networks simply do not have an Active Directory. In these cases, there is the NTLM protocol, which can work between two machines without AD or via the Netlogon process.

Technical June 7, 2024

Sqlmap, the Tool for Detecting and Exploiting SQL Injections

Technical May 13, 2024

Exploring LLM Vulnerabilities and Security Best Practices

LLM Security Vulnerabilities and Exploitations Explained

You’ve probably heard about the arrival of LLMs in a big way, at least with ChatGPT.

LLM (Large Language Model) refers to language processing models. These models are trained to perform all types of linguistic tasks: translation, text generation, question answering, etc.

Solutions May 13, 2024

GraphQL API Vulnerabilities, Common Attacks and Security Tips

Developed in 2012 and made open source in 2015 by Facebook, GraphQL (Graph Query Language) has been under the umbrella of the GraphQL Foundation since 2019.

GraphQL is a query language, i.e. a language used to access data in a database or any other information system, in the same way as SQL (Structured Query Language).

Solutions April 15, 2024

Identification and Authentication Failures: OWASP Top 10 #7

Authentication and, by extension, user identification are central to web applications.

These two mechanisms are used to manage rights and access (for example, between an administrator and a standard user), to partition data between different accounts, to identify different users, etc.

Technical April 11, 2024

Modifying Java Serialized Objects as Easily as JSON

Often, when we hear about Java serialization, we find resources or challenges that only talk about generating and executing ysoserial payloads.

In some situations, this can work. However, as soon as a customer is aware of this possibility, rather than using a more secure format, they generally prefer to use a library such as notsoserial which prevents the deserialization of unauthorized classes.

Technical April 11, 2024

What is a DoS Attack? Types, Exploitations and Security Tips

In the space of 5 years, the number of Denial of Service (DoS) attacks has almost doubled. The result is the paralysis of tens of millions of web platforms and the loss of thousands or even millions of euros by victim organisations.

Companies such as Amazon and GitHub have already been affected by this type of attack. One of the best-known attacks is MIRAI, which used a botnet of nearly 100,000 hijacked machines to make Dyn’s services unavailable in 2016.

Solutions March 11, 2024

Black Box Penetration Testing: Objective, Methodology and Use Cases

During a penetration test, we generally consider 3 test conditions: black, grey or white box.

These test conditions correspond to the levels of information provided to the pentesters in order to carry out a pentest on a specific target. While a white box pentest will consist of providing as much information as possible, during a black box penetration test, the pentesters will have no data on the test target.

Solutions February 29, 2024

White Box Penetration Testing: Objectives, Methodology and Use Cases

When pentesting a web application, an API or an internal network, there are generally 3 approaches: black box, grey box and white box testing.

These approaches or test conditions correspond to different levels of information provided to the pentesters to identify potential vulnerabilities and weaknesses that could compromise the integrity of a target system.

Technical February 23, 2024

Antivirus and EDR Bypass Techniques

Antivirus, anti-malware and EDR are tools commonly used to prevent attacks.

However, these solutions can be bypassed. In this article, we take a closer look at the various antivirus and EDR bypass techniques that can be implemented in a loader: a program whose aim is to execute a malicious payload on a machine by bypassing the various protections in place.

Solutions February 5, 2024

Smishing (SMS Phishing): How to Identify Attacks and Protect Yourself?

What is Smishing?

You will no doubt be familiar with phishing, which consists of sending malicious emails to encourage people to perform sensitive actions, such as entering their credentials on a fake authentication page.

Smishing is very similar, except that the attacker does not send emails, but text messages, hence the name smishing. Essentially, smishing is nothing more and nothing less than SMS phishing.