Mobile phone applications have quickly become a part of our daily lives. To date, there are over 2.6 million applications on the Google Play store alone. In this article we will be looking at reverse engineering Android applications to find hard-coded credentials. These credentials, in a real-life scenario, would likely be hard-coded API keys.
Burp Suite Pro is arguably one of the most popular Web application testing tools available, and one that I myself have used for many years. It provides a variety of powerful automated and manual tools to interrogate applications and identify vulnerabilities. Yet there are certain tools within Burp Suite that most testers seldom use. One such tool is called ‘Sequencer’, a powerful automated solution for finding weaknesses in the ‘randomness’ of token values.
Every developer starts off as a Junior. Here are some common pitfalls that Junior Developers fall into and how you can avoid them.
In our last blog we spoke about how using a simple passphrase is more secure than using a complex unfriendly password. This blog will expand on this concept and introduce a few more things we can do to make user accounts even more secure.
In part one of our look into passwords we look into Password Policies! There is loads of conflicting information out there and it’s difficult to find the balance between security and usability.
A quick Google search for ‘data breach’ returns countless results. Just recently our sister company,...
CryptoJacking or ‘drive-by mining’ is an attack vector that became prevalent amongst hackers due to...
Pentest People are proud to announce that they have been awarded ISO9001 and ISO27001 after a successful audit by ACM.
This blog post covers Clone Phishing. What is Clone Phishing? How can you protect yourself from this Social Engineering attack?
In a previous blog post, we explained the basics of Phishing. This post will go...