It has been quite a busy month down at the SG Community. Here are a few of the most popular posts.
Remember, you can also connect with us on LinkedIn and subscribe to the SG Community to see new posts as they are published.
How to: Intercept iPhone and iPad SSL connections that require a valid SSL certificate:
With the rising popularity of iPhone and iPad devices, we are running into more and more applications which require a valid SSL certificate for all connections. In order to properly assess the security of these applications, we need to intercept the SSL connections they make. This post shows our technique for doing this. Read More...
HTTPS in Abrupt:
If you have ever played with the Android emulator, you may have noticed the following hiccup: when trying to establish an HTTPS connection, the browser tries to connect to the IP address of the server rather than its FQDN. In normal usage this is not a problem, but it can still create some trouble when using classic HTTPS proxies (e.g. when performing security testing of an application). Read More...
If I had a dollar... (part 2):
After too long a hiatus, our popular list of things that we see go wrong on a regular basis is back. As I’m sat here writing this, I’ve obviously not had a dollar for every time that I’ve heard the following. I can only hope…
“An attacker wouldn’t know that”. Attackers are sneaky people. They generally know more than you think and, unfortunately for those defending against them, they have time on their side. With enough effort and desire to compromise something, an attacker will know what they need to.
For more penetration testing and security myths, Read More...