Software Security

Archive for May 2014


Standard versus proprietary security protocols

Standard Security Protocols

An encyclopedia defines a security protocol as “a sequence of operations that ensure protection of data. Used with an underlying communication protocol, it provides secure delivery of data between two parties.” We use security protocols in everyday computing. For example, when we use our domain credentials to log in to a Microsoft Windows […]


Posted in Mobile Application Security, Security Standards and Compliance


Cordova InAppBrowser remote privilege escalation

Earlier this year, I identified an interesting vulnerability (CVE-2014-0073) in one of Apache Cordova’s core plug-ins (InAppBrowser). Cordova, also sometimes referred to as PhoneGap, is a popular cross-platform mobile framework that allows developers to write mobile applications in JavaScript and HTML. The JavaScript and HTML code executes within the Cordova WebView and has access to […]


Posted in Mobile Application Security


Recent fixes in IBMSecureRandom

I’ve written about several SecureRandom implementations in the past. While analyzing the default SecureRandom implementation in IBM JCE (v1.7) on *nix, I came across several weaknesses. IBM recently released a patch to fix the issues. Let’s take a look at how this SecureRandom implementation works as well as the issues that were recently patched. Note […]


Posted in Software Security Testing