Securify, a Dutch security firm, has revealed a serious vulnerability in the Pinterest and Yammer iOS apps that can allow bad actors to perform Man-in-the-Middle (MitM) attacks.

In an official tweet, Securify showed Burp Suite intercepting the apps' network traffic, with the passwords they send clearly visible. The vulnerability is caused by the apps' failure to validate server certificates, which allows bad actors to eavesdrop on users' communications. The issue has been fixed in the latest version of the apps.

One scenario in which the security bug can be exploited is when the targeted user relies on an unsecured Wi-Fi network to access the Internet, experts noted.

Pinterest showed disinterest in the security advisory, but internal sources said that Pinterest started working on the fix immediately after getting the vulnerability assessment report. The Microsoft-owned Yammer iOS app patched the vulnerability and released version 6.4.26.

Implementing proper SSL validation is a significant pitfall for app developers. In some libraries that involve SSL, the default server certificate validation is disabled during development to test the app against a test environment which in general has an invalid certificate. This is equivalent to trusting all certificates, Han Sahin, co-founder of Securify, said. Developers often forget to remove this debugging logic before uploading the app to the market, which results in a lot of apps being vulnerable to MitM attacks, even major brands.
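A pre-release check for the leftover debugging logic described above, as an added example that is not code from Securify or from either app. It assumes the bypass shows up as one of a few known iOS signatures (AFNetworking's `allowInvalidCertificates` and `validatesDomainName`, the private `setAllowsAnyHTTPSCertificate` override, or a server trust accepted with no `SecTrustEvaluate*` call in the file) and that debug-only code is wrapped in `#if DEBUG`; the page itself names no library.

```python
import re

# Heuristic signatures of certificate-validation bypasses in iOS code.
# The API names are real; a hit is a prompt for review, not proof of a bug.
SIGNATURES = [
    ("accepts invalid certificates", re.compile(r"allowInvalidCertificates\s*=\s*(YES|true)\b")),
    ("hostname check disabled", re.compile(r"validatesDomainName\s*=\s*(NO|false)\b")),
    ("private trust-all override", re.compile(r"setAllowsAnyHTTPSCertificate")),
]
# Accepting the server trust is fine only after it has been evaluated.
ACCEPT_TRUST = re.compile(r"credentialForTrust:|URLCredential\(trust:")
EVALUATES = re.compile(r"SecTrustEvaluate\w*")
DEBUG_OPEN = re.compile(r"^\s*#if(def)?\s+DEBUG\b")

def scan(source):
    """Return (line_no, description, ships_in_release) for each finding."""
    findings, stack = [], []  # stack: one bool per open #if, True inside a DEBUG branch
    evaluated = bool(EVALUATES.search(source))
    for no, line in enumerate(source.splitlines(), 1):
        text = line.strip()
        if text.startswith("#if"):
            stack.append(bool(DEBUG_OPEN.match(line)))
        elif text.startswith("#else") and stack:
            stack[-1] = False  # the #else of a DEBUG block is release code
        elif text.startswith("#endif") and stack:
            stack.pop()
        if text.startswith("//"):
            continue  # ignore commented-out code
        release = not any(stack)
        for description, pattern in SIGNATURES:
            if pattern.search(line):
                findings.append((no, description, release))
        if ACCEPT_TRUST.search(line) and not evaluated:
            findings.append((no, "server trust accepted without evaluation", release))
    return findings

def release_blockers(source):
    """Findings that would be compiled into the build uploaded to the store."""
    return [f for f in scan(source) if f[2]]

# Constructed sample: Objective-C setup code with test-environment logic left in.
SAMPLE = """\
AFSecurityPolicy *policy = [AFSecurityPolicy defaultPolicy];
#if DEBUG
policy.allowInvalidCertificates = YES;
#endif
policy.validatesDomainName = NO;
// policy.allowInvalidCertificates = YES;
NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
"""
```

Run `release_blockers` over each source file in CI and fail the build on any result; the line inside `#if DEBUG` is reported by `scan` but does not block, because it is compiled out of the release build.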

#Pinterest for iPhone app v4.5 leaks your password. #MITM #mobilesecurity @Pinterest pic.twitter.com/1030Zz221A Securify (@securifybv) April 6, 2015
