AppSec

In critical web apps (such as banking, finance, healthcare), payload encryption is often implemented to protect sensitive data during transmission. Most developers and product owners assume that encryption is secure and tend to apply it as a final foolproof fix to prevent tampering of data. Although encryption does add a layer of security, it is not always effective if not implemented correctly. This blog post explores common techniques used to break payload encryption in web applications. ...

Setting up a virtual lab for Android App security assessments.

What are HTTP headers? HTTP headers are a list of key-value pairs which are sent along with HTTP requests and responses. Let us take an example with below request(left) and response(right): In the above snapshot, we can see that we have an HTTP request being sent to Host. Along with that request/response, we see Key:Value pairs, these are HTTP Headers. These look similar to YAML format. ...