Yes, you heard correct Google Chromium devs announced the news about XSS auditor. The XSS auditor time and again bypassed by the client security researcher to execute the malicious javascript, and this may be the primary reason to be deprecated and removed from the Google Chrome browser. The anti-cross site scripting engine (XSS auditor) is […]
Author: Sandeep Kamble
SecureLayer7 at RISE Conference, Hong Kong 2019
RISE Conference Hong Kong 2019 is Asia’s largest tech conference, and SecureLayer7 is selected in the Alpha program. At SecureLayer7, we decided to release our signature two products at RISE 19 conference as below mentioned. 1) Watch7 AuthSafe The SecureLayer7’s Watch7 AuthSafe is user and entity behavior analytics which gets integrated with applications. AuthSafe provides […]
Gratis Winter Pen Test 2019 Program
Overview : Free Penetration Testing For Open Source Application. We love to help to secure Open Source application and that’s a primary reason every year we provide the free Free Penetration Testing of the open source application. Under the Gratis Pentest in last 3 years, we have evaluated security postures of open source applications such as- Refinery […]
KeystoneJS Open Source Penetration Testing Report – Gratis 2017
Overview Under the Gratis Pentest 2017, we have evaluated security postures of open source applications. For Gratis 2017 we have selected KeystoneJS. In this blog we are discussing about KeystoneJS Open Source Penetration Testing Report and releasing the vulnerabilities details. KeystoneJS is a powerful Node.js content management system and web app framework built on express […]
WPA2 Protocol Vulnerability – Intercepting Password on Wireless Device
Overview The WPA2 Protocol vulnerability allows attacker to decrypt the network traffic from the vulnerable device and it also allow to view the critical information, injecting the packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks and the researcher who found this vulnerability is not released the working […]
SecureLayer7 Gratis PenTest Summer 2017
Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing for the deserving Open Source Application as SecureLayer7’s contribution to Open Source Community. We shall allocate two or three days full time from our working hours to yield a […]
PageKit Open Source CMS Penetration Test
Overview Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. Following vulnerabilities Saurabh have found during the penetration testing. Vertical/Horizontal Authentication Bypass or Password Reset Vulnerability (Critical) – CVE-2017-5594 Server side information disclosure (Medium) Misconfiguration Improper use of .htaccess […]
Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application
I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that they need to look into security of the application of the bank. So, as a responsible client, I disclosed the vulnerability to YesBank which I recently found in their […]
Google Cloud Print ClickJacking Vulnerability
Last weekend, I had a chance to use the Google cloud print service and found Clickjacking vulnerability. Obviously, X-Frame-Options response header was missing as shown in the below image. According to the new Google bug bounty program, if clickjacking vulnerability is performed using two clicks will not be considered for VRP or bug. That’s why […]
vBulletin SQL Injection Exploit in the Wild CVE-2016-6195
vBulletin SQL Injection Exploit is released. On June 18th, vBulletin forum pushed a patch for the SQLi injection, which is still working on the number of the website according to our research. If you’re using a version of vBulletin 4 older than 4.2.2, the cyber criminal could probably hack you. Moreover, they could most probably […]