[Article updated on November 8, 2022]
Have you used google dorks today? If you have searched for a word within quotes or combined two terms with AND, then the answer is yes.
Googles dorks are advanced search operators that allow you to better target your research.
They can even enable to identify vulnerabilities and strengthen your security, let’s see how.
This series of articles will walk you through the most important topics about security and mobile applications, whatever the platform is (iOS, Android or others).
The objective is to demystify the different aspects of mobile security, in simple words.
This third episode will walk you through vulnerabilities related to data transportation.
This series of articles will walk you through the most important topics about security and mobile applications, whatever the platform is (iOS, Android or others).
The objective is to demystify the different aspects of mobile security, in simple words.
This second episode makes a focus on insecure data storage.
This series of articles will walk you through the most important topics about security and mobile applications, whatever the platform is (iOS, Android or others).
The objective is to demystify the different aspects of mobile security, in simple words.
Do you usually conduct application testing before releasing? In this article you will find out why conducting outsourced penetration testing can strongly strengthen your application security level and your brand image.
Updated: 23 Dec. 2020
This article does not replace a good knowledge of security principles in PHP, but can give you some good advices that really boost security.
There will be nothing to copy/paste straight forward to your PHP files. But we believe that these tips and best practices will bring you long-term benefits if you understand and implement the different points according to your needs and context.
This article is the third of our series dedicated to PHP security. The first article gives you guidelines for PHP configuration, updates, data filtering and sanitization, as well as code organization.
The second article discusses protections against known and common attacks.
We will now take a look at file uploads, CRSF, cookies and security through obscurity.
Updated: 23 Dec. 2020
This article does not replace a good knowledge of security principles in PHP, but can give you some good advices that really boost security.
There will be nothing to copy/paste straight forward to your PHP files. But we believe that these tips and best practices will bring you long-term benefits if you understand and implement the different points according to your needs and context.
This article is the second of our series dedicated to PHP security. The first article “How to Protect Your Website: PHP Security Tips and Tricks #1” gives you basic guidelines for PHP configuration, updates, data filtering and sanitization, as well as code organization.
We will now look at common hacking attacks against PHP websites and how to defend yourself against them.
Updated: 1 Dec. 2020
PHP remains the most popular server-side programming language: it is used by almost 80% of websites (source). This language continues to be developed, and PHP 8 was released last week ! This version brings new features and should enhance security.
However, the security of PHP builds up from its ‘historical’ core features. The following article does not replace a good knowledge of PHP, and there will be nothing to copy/paste directly into your files. But we believe that these tips and best practices will bring you long-term benefits if you understand and implement the different points according to your needs and context.
Today we cover PHP configuration, updates, code organisation and data filtering/escaping.
Updated: 16 Feb. 2021
Business logic flaws remain a type of little-known vulnerability in IT-Security. They are not errors in the logical reasoning, but flaws related to the working of a web application. They are different from technical vulnerabilities, which directly relate to code, implementation or configuration errors.
We regularly find logic flaws during penetration tests, on all types of applications. We find them most frequently on e-commerce sites and SaaS software.
Two Factor Authentication (2FA) is a way to strengthen users authentication.
A good example is when you want to trigger a bank transfer from your bank website: depending on your bank, you may receive a text message on your mobile phone, containing a code that you must put back on the website to confirm the transfer.
The second factor can be a phone, a physical object in your possession, some physical characteristic (biometrics) or a secret that only you know.
A 2FA process comes with some disadvantages: it makes the authentication process more complex, and the second factor has to be “available”, which can be a problem with a mobile. Flat battery, bad network coverage or any other hazard can prevent the process from working properly.