Nikhit Kumar

Application Security, Technology

(In)Secure Authentication schemes in REST APIs

To make authenticated REST API calls in applications, several authentication schemes are used by developers. Some of them use HTTP Basic Authentication scheme, and others, as per their needs(or wants), use custom authentication schemes. Now, it's good to experiment but not at the cost of security. In this blog, we will look into the...

29-Feb-2016

Application Security, Technology

Exploiting ‘Export as CSV’ functionality:The road to CSV Injection

Many applications provide an option to download some data as a CSV file. More often than not, this downloaded data is user controlled data. For instance, take the scenario where an administrator can export the data of all the users as a CSV file. The fields in the file include the details filled by the users. So technically, the...

11-Dec-2015

Application Security, Technology

Abusing Password reset functionality to steal user data (Part–3)

We saw different implementations of a password reset functionality to ensure application security along with their best practices in the first and the second blogs of the series. In this final blog of the series, we will discuss the concept of Multi-Factor Authentication (One Time Passwords i.e. OTP) for the implementation of a reset...

17-Nov-2015

Application Security, Technology

An essence of Application Security in Financial Sector

Digital innovation has been evolving and growing in the financial space with time. It is no secret that the financial companies today see digital presence as a key component to their company's success. Customers can now manage their finances from anywhere and at anytime using these digital offerings. But, this raises a serious issue. With...

19-Oct-2015

Application Security

Six Common Mistakes that may put your Application Under Risk

A thief picks a lock to open it. But if the key is already available, it’s a piece of cake for the thief. Such is the nature of applications and hackers today. All it takes is one mistake from the developer(the key) and the hackers capitalize on that mistake (the theft). It has been rightly said, ”Security is only as strong as the...

06-Oct-2015

Application Security

Extra Layer of Security in Applications : Do’s and Don’ts

Almost every web and mobile application today gives you an option to create an account. Once you have created an account, you can login and access all the features of the application. This login process allows you to manage data that is private to you. This feature is referred to as Authentication, where a user is authenticated to use a...

01-Oct-2015

Application Security

Malvertising: The dark side of Advertising

Ever faced a situation when you click on an advertisement, nothing happens and you are just redirected to a random strange website which you do not like or probably, as soon as you click an ad, numerous pop-ups come up and close automatically. There's a good chance that you might have clicked on a 'malvertisement'. In this blog, we will...

07-Sep-2015