To secure applications it is often necessary to verify the identity of the user, this process is called authentication. There are several methods to authenticate a user, with passwords being the most common one. Passwords are usually chosen by the user. Those user passwords are often not strong enough and can be easily guessed by brute forcing or simple deduction (e.g. pet names etc.). Continue reading “Ergonomic Password Generator”
- The Future of Bitcoin - 6. July 2017
- Security of Things – World Conference - 21. June 2017
- Immutable, reliable, secure – A brief history of blockchain security - 15. May 2017
Blockchain technology is marketed as the Web 3.0 and because of it’s distributed structure it wipes out single points of failure. But does that mean there are no points of failures at all? Let’s look at some important blockchain hacks / failures from the tech perspective.
[Remark: This is not about $$$ Bitcoin hacks, where lousy DB implementations, web applications, key handling or simply social engineering let to hacked bitcoin exchanges or wallets.] Continue reading “Immutable, reliable, secure – A brief history of blockchain security”
- Fingerprinting of web browsers and the consequences for privacy - 29. November 2016
In April 2016 researchers of the Stony Brook University and Ruhr-University Bochum published a study about (malicious) PHP web shells with the title “No Honor among Thieves: A Large-Scale Analysis of Malicious Web Shells”.  Their goal was to analyze how many PHP web shells contain backdoors or other malicious functions not in the interest of the user. That has to be seen regardless of the fact that web shells are often used for malicious activities themselves.
Here we summarize their findings which in our opinion are of interest for the wider audience in security and penetration test Continue reading “Web Shells and Backdoors”
Web Applications, Web Services, Oracle, MySQL, Linux, SAP R3 are my focus technologies, while my activities are widely spreaded: manual penetration tests, static code analysis, code reviews, consulting, project management
- Hooking Burp Suite in Client Software Communication - 6. July 2017
- PHP: Exploitation with $_REQUEST while validating $_GET - 20. May 2016
- HTTP Side-Channel Attacks with Burp Suite - 25. April 2016
While penetration testing and code reviewing a customer’s web-application I came across an interesting bug I’m going to describe in this article.
The application in question supports third party plugins which often follow their own coding-conventions.
During code review, a Cross-Site scripting vulnerability was detected in one of those plugins:
<?php echo "<a href='index.php?plugin=".$_REQUEST['plugin']."'>Link text</a>"; ?>