Category Archives: Technical

Exploiting the SSRF vulnerability (2/2)

In the previous article, we saw what an SSRF vulnerability is and how, in general, it can be exploited. We worked within a fairly simple theoretical framework, but various elements (due either to the vulnerability itself or to security implementations) can make the task more complicated.

In this article, we will look at various methods to go further. On the agenda:

  • Various methods for manually bypassing filters;
  • SSRFMap: a semi-automatic exploitation tool.

Introduction to Burp, the Dedicated Tool to Web Platforms Security

Introduction to Burp Suite - Proxy, Scanner, Intruder and Repeater

Information security professionals often say that Burp is our best friend. Burp doesn’t ring a bell? It is software dedicated to web security audits, used by a majority of information security professionals. First, we will present Burp and four fundamental modules. For those already familiar with the tool, a second, more technical article details some functionalities and extensions to gain efficiency.


Bluetooth Low Energy & Security of Connected Devices

An alternative to classic Bluetooth, Bluetooth Low Energy is increasingly chosen for the IoT. This technology, also known by the abbreviation BLE, is establishing itself for connected devices, as it is ideal for sending small amounts of data between devices while preserving the battery, which matches the IoT’s needs perfectly. Classic Bluetooth, for its part, is used to send large amounts of data between a device and a user (wireless headphones and speakers use Bluetooth, for example).

BLE and security

While these two Bluetooth protocols are used for different purposes and are not compatible, they are nevertheless similar to some extent, as they share common technologies (software and hardware), such as the one managing pairing. Thus, security managers have to keep in mind that security breaches that impact classic Bluetooth sometimes affect Bluetooth Low Energy too; however, the latter has its own features and therefore its own specific flaws.
