August 28, 2017

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

This blog covers Cross-Site Scripting (XSS) vulnerability from a different perspective. Generally, XSS is when the application takes user supplied JavaScript and displays it without escaping/encoding. […]
August 6, 2017

Memory Forensics & Reverse Engineering : Thick Client Penetration Testing – Part 4

Static Analysis/ Reverse Engineering for Thick Clients Penetration Testing 4 Hi Readers, let’s take a look into static analysis. The advantage which thick clients offer over […]
August 5, 2017

Java Deserialization Exploit Resulting RCE on Thick Client Penetration Testing – Part 3

Thick Client Penetration Testing – 3 covering the Java Deserialization Exploit Resulting Remote Code Execution Welcome Readers, in the previous two blogs, we have learnt about […]
July 29, 2017

Detailed Traffic Analysis for Thick Client Penetration Testing – Part 2

After getting the basics of thick client pentest, let’s delve into the very first steps you can take to commence thick client pentest. Interception and setting […]
July 29, 2017

Introduction to Thick Client Penetration Testing – Part 1

Why thick client penetration testing? Thick client applications are not new having been in existence for a long time, however if given to perform a pentest […]
July 11, 2017

How are work, life and things at SecureLayer7

What we do at SL7? Look at SecureLayer7 Review In this blog post, we will see how are work, life and things at SecureLayer7. We are […]
May 4, 2017

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or […]
February 26, 2017

SecureLayer7 Gratis PenTest Summer 2017

Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing […]
February 14, 2017

OWASP Top 10 Details About WebSocket Vulnerabilities and Mitigations

Socket in a Nutshell A socket is an endpoint of a network communication. A socket always comes in 2 parts: An IP address and a port. […]