luisfontes19
  • Mar 6, 2021
  • 8 minutes

Are your mobile banking apps secure?

These past few days I’ve been doing some security checks on my mobile banking apps, as I basically never did it since opening the accounts many years ago. I was quite surprised by the difference in security among my bank applications, and it even motivated me to close one of the accounts. …
luisfontes19
  • Jan 10, 2021
  • 6 minutes

The Log Forging Vulnerability And How To Fix It

The Log Forging vulnerability, also known as Log Manipulation, is a very low-ranked vulnerability that in a lot of cases is too far-fetched to be reliably exploited, but in others can be quite easy and cause real damage. In this post we’ll understand what log forging is and see many different …
luisfontes19
  • Nov 1, 2020
  • 3 minutes

Screen Caching

Screen Caching is another of those vulnerabilities nobody is paying attention to, and this one is quite important. As an example, even most bank applications are usually ‘vulnerable’ to this issue (most of mine are). And this is a reality even for those focusing on security, like web …
luisfontes19
  • Aug 15, 2020
  • 5 minutes

How to use Facebook for Open Redirect attacks

Some days ago I found an Open Redirect on the Facebook website, which I promptly reported to their Bug Bounty Program. There were a lot of warnings that Open Redirects are usually false positives, but this one looked legit to me. Facebook disregarded the report, saying that wasn’t …
luisfontes19
  • Jul 23, 2020
  • 6 minutes

Understanding CORS and SOP bypass techniques

CORS, which stands for Cross-Origin Resource Sharing, is a system designed to help ‘bypass’ some of the restrictions introduced by the Same Origin Policy (SOP prevents JavaScript code from interacting with resources from other origins). Basically, CORS lets us define a set of …