Security Brigade Blog

Opinions on Penetration Testing, Web-Application Security, Network Security, Mobile Security & Everything In Between

5 Steps to Avoid Phishing Scams in E-mail

By | December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most are instances of a common technique known as phishing. Phishing scams are […]

How to Fix Unvalidated Redirects and Forwards

By | May 2, 2012

An unvalidated redirect allows an attacker to exploit the trust a user has in a particular domain by using it as a stepping stone to another arbitrary, likely malicious site. An unvalidated forward allows an attacker’s request to be forwarded past security checks, allowing unauthorized function or data access. How do I Fix Unvalidated Redirects […]

How to Fix Insecure Cryptographic Storage

By | May 1, 2012

Hashing is the first step towards secure cryptographic storage of data before passing it to the database. It is advisable to make sure that sensitive parameters like passwords and credit card information are protected using a hashing algorithm, so that in the event of a database compromise such information is still secure. To make the hashing stronger […]

How to Fix Cross-site Request Forgery Vulnerability (CSRF)

By | May 1, 2012

Cross-Site Request Forgery (CSRF) is an attack that allows a hacker to perform an action on the vulnerable site on behalf of the victim. The attack is possible when the vulnerable site does not properly validate the origin of the request. The attack is performed by forcing the victim’s browser to issue an HTTP request […]

How to Fix Insecure Direct Object Reference Vulnerability

By | May 1, 2012

Applications often reference an object (such as a file) to generate web pages. A simple example is when a user requests his mobile bill and the application fetches it from the server and displays it on his screen. Applications don’t always verify that the user is authorized for the target object. This results in an insecure direct object reference […]

How to Fix Cross-site Scripting Vulnerabilities

By | May 1, 2012

Websites often accept user input for the application to display on the screen. If the application is not careful enough with its treatment of user (attacker) input, it is possible for an attacker to inject malicious data, which when displayed on the screen can execute HTML or JavaScript code in the user’s browser. This vulnerability […]

How to Secure Home Wireless Network

By | May 26, 2011

As most of us in India have noticed, Wireless Networks have been in the news these days for all the wrong reasons. These open networks have always been used by tech-savvy users however lately they have been utilized by malicious organizations to carry out their nefarious purposes (e.g. the recent bomb blasts). The home user, […]

What is a SQL Injection Vulnerability?

By | May 24, 2011

An SQL Injection attack is a code injection attack that occurs when input from an attacker reaches one of your databases without any filtering or validation. As a result of such an attack, a malicious user may be able to: Execute any read / write / update / delete query on your database. Execute system level commands […]