Archive

Posts Tagged ‘vulnerability’

Android Application Penetration Testing

May 18th, 2011
Bonsai Information Security is providing a new service.

This service aims to: raise the security level of applications developed in this platform, detecting potential vulnerabilities that could generate risk to the company. Our methodology includes the analysis of file permissions, system processes, databases, system calls, HTTP Requests, Webservices used and logic operations specific to the application. Thus, it would detect possible security breaches that would be reported with strategic recommendations that seek to mitigate them.

For more information:

lucas.apa bonsai, open source, security , , ,

Twitter Open Redirection Vulnerability

August 3rd, 2010

Twitter LogoRecently, we’ve found an Open Redirection vulnerability in Twitter. To understand a little more about this, we can cite OWASP’s definition:

“An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.”

The following Proof of Concept was sent to the Twitter security team:

https://twitter.com/login?redirect_after_login=http://www.bonsai-sec.com

After a successful login, the affected user is redirected to http://www.bonsai-sec.com without any warning allowing possible phishing attacks.

This vulnerability was patched by Twitter security team last week (after we reported it and got almost no answer from them).

Detailed information can be found at: http://www.bonsai-sec.com/en/research/vulnerabilities/twitter-open-redirect-0108.php

nahuel bonsai, security , , , , ,