Hello & Welcome to AppSec Labs’ Portal

Below you can find our Blog, with posts about hacking stuff, tools, mobile security and more…

You can also get all our R&D tools on the Lab page and Secure Coding instructions in the Knowledgebase section.

Have fun!

AppSec Labs Team

Understanding the Android clearTextTrafficPermitted Flag

Introduction: The cleartextTrafficPermitted flag is one of the options in Android’s Network Security Configuration file. The online documentation (https://developer.android.com/training/articles/security-config) explains that from Android 9 (API level 28) and higher it is set to false by default, and that it is intended to prevent insecure communication attempts using clear-text HTTP originating from Android applications. OK, so […]

Angular Template Injection without Quote Characters

Introduction: When you’re trying to detect XSS in an Angular application (AngularJS or Angular >2, the version doesn’t matter for this post), you’ll probably try the following possibilities: You enter a basic XSS payload such as <script>alert(0);</script>. You find out that the developer encoded the output properly and the < > characters turn into &lt; […]