Blog Post – AVsecurity

security, information security, hack, bug bounty, OWASP, security review document, avsecurity, vinesh redkar, ajinkya patil, anagha devale, penetration testing, vulnerability assessment, vapt, web application security, business security, risk assessment, Microsoft direct access review, latest hacks, security news,research Blog Post – AVsecurity

Dirty COW Vulnerability (CVE-2016-5195)

Oct 25, 2016

Recently Security Researcher has uncovered an critical vulnerability in 2.6.22 versions(which was released in 2007) of Linux Platform and Android Platform. In short this vulnerability attackers to gain root access to servers and take control...

AT&T Arbitrary Code Execution Vulnerability

Jul 26, 2016

Recently, I found an interesting issue Remote Code Execution for AT&T bug bounty program. But before going into this let’s understand Arbitrary Code Execution – Arbitrary Code Execution also know as command...

Windows Mobile Application Security – Part II

May 13, 2016

Now Next Step accessing application internal storage Accessing Internal Storage of APPLICATION using reg eDITOR Application Windows do not allow access to the internal storage of its application even with...

Windows Mobile Application Security – Part I

Mar 20, 2016

We need access to internal storage of device to proceed with security testing, however,Windows devices don’t allow users access to its internal storage. Naturally, for accessing internal storage we need unlocked Windows...

MongoDB Security Review Document

Aug 17, 2015

We are happy to announce Security Review guidelines for MongoDB. CIS guidelines are not available for Mongo DB and we thought this might be helpful for you. Content has been...

Disable IIS 8.0/8.5 Banner Information

Jul 29, 2015

Below are the steps of how to fix the banner (version information) in IIS 8.0/8.5 Step 1: Install the latest version of Microsoft Web Platform Installer (https://www.microsoft.com/web/downloads/platform.aspx/). Step 2: Install...

Security Review of Microsoft DirectAccess Implementation

Jul 17, 2015

This article presents the key risks with DirectAccess and how to audit them. Let’s begin by first understanding the DirectAccess technology Introduction of DirectAccess From the Wikipedia definition DirectAccess, also known...

Decrypting Password Encryption -HP ALM Product 11

Jun 17, 2015

Hi All, It’s been long time haven’t write any security post but i have come up with security issue on HP ALM Product 11. While testing HP ALM Product latest...

OpenSSL Heartbleed Vulnerability

Apr 1, 2014

Hello Every One, Recently Web Researcher has uncovered an extremely critical vulnerability in recent versions of OpenSSL in short this vulnerability allows anyone on the Internet to read the memory of the systems protected by...

Insufficient Authorization Vulnerability in Yahoo! Pipes

Feb 18, 2014

Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let’s understand some basic points. What does Authorization mean? In...