Showing Posts From
August 2019
Kamil Breński
Krzysztof Pranczk
Mateusz Fruba
This article explores vulnerabilities in Android Keystore authentication mechanisms for local device security. Multiple security weaknesses were identified in how developers implement biometric and keystore authentication in Android applications. Frida scripts were developed to help security professionals audit and test the robustness of Android application authentication implementations.
Oliver Simonnet
This article provides a comprehensive guide to practical Cross-Site Scripting (XSS) attacks in modern web applications. It explores technical challenges such as innerHTML limitations, Content Security Policy (CSP) restrictions, and techniques for bypassing browser security controls. The guide demonstrates how to craft meaningful XSS payloads that go beyond simple alert demonstrations.