Testing for Cryptographic algorithm and hash misuses

Over the years, we have experienced security-aware applications used various forms of encryption/encoding.  In such applications,  we found programmers incorrectly implement cryptographic schemes, either disclosing keys in client-side, keys in json format in server response.

Some of the tools we used:

Bletchley: https://github.com/ecbftw/bletchley (analyze - https://github.com/ecbftw/bletchley/blob/master/wiki/Overview.wiki#bletchleyanalyze)

CrypTool2: https://www.cryptool.org/en/cryptool2


Popular posts from this blog

XSS: Gaining access to HttpOnly Cookie in 2012

HttpOnly Session ID in URL and Page Body | Cross Site Scripting

From Vulnerability to Exploit (Joomla! SQL Injection)