Instrumenting Electron Apps for Security Testing

This is a re-posting of the original article "Instrumenting Electron Apps for Security Testing" that I have wrote on Doyensec What is Electron? The Electron Framework is used to develop multi-platform desktop applications with nothing more than HTML, JavaScript and CSS. It was initially developed for GitHub's Atom editor and since then it was used to create applications like Discord, Ghost, GitHub, Skype, Slack, Wire and a lot more. While for the traditional desktop application various security techniques exists in order to mitigate...

Posted By

Report: Yahoo Messenger

Advisory: VoidSec-14-001 Disclosure date: December 08, 2014 CVSS Score: 3.2 Vendor: Yahoo Vulnerability discovery date: November 21, 2014   Scarica il Report [IT] | Download the Report [EN]   Introduzione Android offre agli sviluppatori diverse opzioni per salvare i dati persistenti delle applicazioni. I database locali dovrebbero archiviare i dati in maniera differente, a seconda che i dati siano privati e accessibili solo all’applicazione o all’utente e ad applicazioni esterne. In ogni caso, i dati sensibili dovrebbero sempre essere cifrati per evitare possibili violazioni della privacy. L’applicazione per Android, Yahoo Messenger, utilizza un database...

Posted By