What is Memcache? Memcache is temporary data storage service which stores data in <key> :< value> format. It improves the overall performance of the website by storing chunks of data in a cache. Example Scenarios where memcache might be used If the application is having some huge chunk of static data which needs to be displayed to the user as is like List of Countries for a Registration Form or Bank IFSC codes and so Read More…
Summary: LinkedIn has a feature called Project wherein you can add project members from your connections. We were able to discover a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without their approval. We were able to achieve this by playing around with some HTTP request parameters. Technical Details Vulnerability A Read More…
Understanding PCI DSS and PA DSS is crucial to the role of a penetration tester. Quoting the relevant PCI-DSS or PA-DSS control reference for your findings would help demonstrate the proper risk arising from common security findings such as support of older SSL versions, weak encryption when storing cardholder data, lack of proper logs from the application, and of course the entire gamut of web application security bugs. PCI DSS for Penetration Testing from Network Read More…
From the year 2012-2025 ICAO(International civil aviation organization) have decided to transform the present aviation environment by introducing new technology which will revolutionize present aviation industry. According to ICAO, the technology responsible to do so is named NextGen (Next Generation Air Transportation System), which is developed by the United States and will be mandatory throughout the US by 2025. Said that they also confirmed that the platform which is used for this is too Read More…
Many times we receive SMS’s on our cell phones displaying messages like the one shown below: Typically a phone number to call or a website link is given which asks the user to provide his/her personal identifiable information – bank account number, PIN, or credit card number – to claim the prize money. When an innocent user provides such information, unauthorized transactions are made from user’s talk time or bank account on user’s behalf. What Read More…