Securing Android Application User Sessions

Android application developers grapple with implementing user sessions that provide a seamless user experience without compromising application security. The Android framework provides SharedPreferences, an easy and efficient way to store a small amount of key-value data, which is especially convenient for persisting user sessions. SharedPreferences, however, stores data as plain text and is therefore not suitable for sensitive data such as access keys and passwords, or for Personally Identifiable Information (PII). OWASP Mobile Top 10 highlights Insecure…

Spring Boot Authentication and Authorization

Spring Boot is an open source Java-based framework that is widely used to build enterprise-level microservices. Implementing secure authentication and authorization in such microservices raises a new set of challenges for developers. Spring Security comes in handy by providing a powerful, secure and customizable authentication and authorization framework. Spring Security uses a Role Based Access Control (RBAC) model to help mitigate some of the inherent authentication and authorization threats, such as violation of least privilege…

Authentication Bypass Through PHP Type Juggling

PHP supports two common ways of comparing variables: loose comparison (== or !=) and strict comparison (=== or !==). Loose comparison checks whether both variables have "the same value", while strict comparison checks whether both variables have "the same type and value". PHP type juggling vulnerabilities arise when loose comparison is used instead of strict comparison in a place where an attacker controls one of the variables being compared. Illustration When…
