Information Security Monthly Newsletter – June 2018

The newsletter consists of a high-level executive summary of most of the important news, articles, data breaches and Microsoft patch details that have been published on information security during the last week. Each new item is very briefly summarized and includes a reference on the web for detailed information. We have…

Regular Expressions for Pentesters

What is a Regular Expression? A regular expression is a pattern used to match character combinations in strings. It is also known as regex or regexp. Programming languages that support regular expressions: Java, Awk, JavaScript, Perl, Python, PHP and more. Benefits of using regular expressions: Regular Expression helps…

IMPINJ SPEEDWAY R420 RFID READER

IMPINJ is an organization that connects billions of everyday items such as apparel, medical supplies and automobile parts to consumer and business applications such as inventory management, patient safety, and asset tracking. The Impinj platform uses RFID to deliver timely information about these items to the digital world, thereby enabling…

Information Security Monthly Newsletter-May 2018

The newsletter consists of a high-level executive summary of most of the important news, articles, data breaches and Microsoft patch details that have been published on information security during the last week. Each new item is very briefly summarized and includes a reference on the web for detailed information. We have…

Invoice Plane V 1.5 Cross Site Scripting Vulnerability-CVE-2017-18217

ISECURION is actively involved in securing open source applications, dedicating our time, talent and resources for the greater good. It was never a severity- or name-based hunt for us; we are involved in security testing of all types of platforms in information security, such as application, network and hardware…

Case Study – Penetration Testing Crypto Currency Exchange

Recently we performed a pentest for a crypto currency exchange site, and below is the complete case study of the engagement. Introduction: This is a case study of a start-up company in India that has started a crypto currency exchange in the Indian market. Challenges: …

Penetration Testing RESTful Web Services

Today we are discussing RESTful web services penetration testing. Web services are the technologies used for data transmission between client and server in real time. According to the W3C web services glossary, a web service is a software system designed to support interoperable machine-to-machine interaction over a network, or we can…

ClickJacking Attacks & Mitigation Methods

ClickJacking is an attack that is less well known among many new security aspirants in web application security. The attack involves overlaying elements, combined with some social engineering skills, to exploit. This vulnerability arises from improper configuration of the X-Frame-Options header, which is responsible for blocking…

Security Controls Requirements for Aadhaar API providers

With the commencement of the Aadhaar project of UIDAI to round up all the citizens of India in a centralized data repository, a large user database providing a unique identification of Indian residents, today I am writing this blog for Aadhaar-based authentication service provider companies, because companies like NBFC…

Dumping the Firmware from the device Using buspirate

While doing penetration testing, there are scenarios in which we need to dump the firmware from the devices. This method is typically used when no firmware is available from the vendor site. Today we are going to show you how to dump the firmware from a wireless router, the Binatone DT 850W,…