Guidelines for pentesting security systems

How do you perform a security test? Ever wanted to perform a penetration test on a security system (website, application, mobile, etc.) and just didn’t know where to start? These days, companies are very concerned about the security of their applications due to the increase in the number of disclosed vulnerabilities and exploits which can […]

Password Autocomplete vulnerability and a workaround solution

Until recently, it was trivial for developers to disable the “save your password” feature implemented by all major browsers. In recent years, however, browser vendors have begun to actively discourage and prevent applications from disabling this feature. Their case is that the safest practice for users is to use a password manager, instead of having their passwords lying around on digital or physical media, where they can be exposed or stolen. Since it’s a client-side issue, they argue that the option to disable this feature should be given to users (and not to developers), by configuring the browser itself.

Although this may be partly true, it does not take into account highly sensitive applications, which might be used on a shared computer, and which do not want to rely on the browser being properly configured (with autocomplete disabled). If this is your case, you should keep on reading.

It is now a real challenge to find a workaround that will work across all major browsers. So we came up with the following trick which detects the user’s browser version and acts accordingly:


Advanced Packet Editor – TCP/HTTP Client-Server Proxy

The Advanced Packet Editor (APE) is an open-source project for a TCP and HTTP-based proxy that allows you to intercept and manipulate communication between clients and servers.

We at AppSec Labs have taken the project, modified and improved it into a useful tool for application penetration testing.

This tool is released under the GPL license (for more information: http://www.gnu.org/licenses/gpl-3.0.en.html).


Improve your Web App’s security with HTTP Headers

Over recent years, new security standards have been set by the W3C, and implemented by browser vendors. The idea was to create a set of HTTP headers that developers could use in order to add a browser-based layer of security for their web applications.

Indeed, many security problems can (or should) be remediated on the client side (e.g. the Same Origin Policy), and it was clear that improving the security of the browser platforms would raise the overall security level of web applications, largely independent of the actual server-side implementation.

Let’s present a quick overview of these HTTP headers:

X-XSS-Protection

Description: Enables the Cross-Site Scripting (XSS) filter in the browser, which blocks reflected XSS payloads it detects.

Setting: X-XSS-Protection: 1; mode=block

Supported Browsers: IE 8+, Chrome, Safari (WebKit).

Additional Information: https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/

X-Content-Type-Options


How to edit CharSequence objects in NetBeans

In NetBeans 8, during debugging (in my case, smali debugging), you cannot change CharSequence variables; they are shown as read-only strings. An example of where this matters is Android text elements (EditText), whose value is stored as a CharSequence in Obj.mText.mText. The following screenshot shows a Tree view, but you cannot change the field in Table view either.

So, I tried to do the same with NetBeans 6.8 and found that it let me edit CharSequence variables. After some research I figured out that in order to enable editing of those variables I need to disable the auto formatting. You do this in the Tools menu -> Options, and uncheck Default CharSequence formatter:


IoT – Compiling Brillo Easily

Google published the first version of Brillo, and as IoT researchers, the first thing that we want to do is to quickly compile and run it in order to get a feel for it, investigate it and learn as much as possible about the system…

At the beginning of our work we made some assumptions, which we found to have been correct:

  1. Instead of installing a new environment, it will be easier to install it on our AppUse VM which already has a lot of stuff on it.
  2. Google probably built it similarly to Android (both are Unix-based), so we took the Android compilation guide (links below).

Despite these shortcuts, we still came across a lot of trouble… I know for sure that you don’t want to waste your time finding and fixing some stupid errors, so let me give you the shortest way to install it, in a few steps and one script 🙂

PT Manager – Penetration Test Vulnerabilities Manager, an extension for Burp Suite

Penetration Test Vulnerabilities Manager is an extension for Burp Suite, written in Jython. It was developed by Barak Tawily in order to help application security professionals manage vulnerabilities.

Download from Github: https://github.com/Quitten/PT-Manager


New SSL Vulnerabilities – Spoofing CA Certificates

OpenSSL is a widespread, open-source implementation of the SSL/TLS protocols, used by numerous projects and organizations to provide a rapid, adaptable and “secure” solution.

OpenSSL has recently reached the headlines again, but on a bad note. As of late (the past two years or so), older and current versions of OpenSSL have suffered from implementation issues that were considered critical and which led to the exposure of almost all SSL-based projects (not to be confused with protocol-level issues such as the POODLE and BEAST attacks).


Android Application Security Sucks! Here’s what to do about it

Prologue: The following post was written and published by Checkmarx (link) on their website as part of a collaboration between AppSec Labs and Checkmarx. Originally published on May 26th, 2015 by Amit Ashbel.

Android…. It is no longer just a mobile phone.

Nowadays Android applications are running anywhere and everywhere. Home Appliances, watches, TVs, car applications and with the Internet of Things kicking in quickly, Android applications will probably become even more prevalent in our lives.

Android is based on a customized Linux OS version. The main differentiation from classic PC Linux is that the Android OS was adapted to define every application on the device as a separate user or entity.

Each application runs in its own virtual environment within the OS called the “Dalvik Virtual Machine (DVM)”*. Application code written in Java is compiled to Java bytecode and then converted to DEX (Dalvik bytecode). The DVM generates, on the fly, machine-specific instructions for the ARM CPU (or whichever CPU is in use). All Android applications are packaged as an APK (Android Application Package). The APK is a type of archive file which contains everything the Android device needs in order to execute the application downloaded via the Google Play store or an alternate source.

*Dalvik is being shifted aside (Android L). Newer Android OS versions are using ART (Android Runtime) however the general idea stays the same.



OpenSSL – Diffie Hellman and Elliptic Curve Cryptography with Digital Certificates

OpenSSL is a leading open-source SSL solution that offers many features, from client and server communication to certificate generation and self-signing. OpenSSL allows a user to issue CA certificates and use them to sign other certificates for both testing and production scenarios. Visit the OpenSSL website: https://www.openssl.org/