MOBILE APPLICATION VULNERABILITIES
Reverse Engineering: Applications published on Google Play or the Apple App Store can be decompiled by malicious users, who can then build look-alike or repackaged applications. Companies can lose their intellectual property this way.
Insecure Data Storage: FinTech applications store sensitive data such as personally identifiable information (PII), card data (PCI) and health information. Sensitive data saved on the device should be encrypted, and kept out of world-readable locations such as logs and external storage.
SSL Pinning bypass: SSL Pinning will
One Time Password:
OTP is used as a second factor of authentication.
OTP Spamming: OTP spamming is repeatedly calling the API/URL that generates an OTP while supplying the victim's phone number as the destination. If the endpoint does not validate the number against the account and rate-limit requests, an attacker can flood the victim's phone with OTP SMS messages.
OTP Bypass:
- Modifying checks: OTP validation can be bypassed by modifying checks in the request payload or URI parameters (e.g. a client-supplied "otp_verified" flag that the server trusts).
- Bypassing via SS7: the SMS carrying the OTP can be intercepted by an attacker with access to the SS7 signalling network.
- Malicious mobile apps sniffing OTPs: an app with SMS read permission on the victim's device can read the OTP out of the inbox.
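The two server-side weaknesses above (unlimited OTP sends to an attacker-chosen number, and a verification check that trusts a flag in the payload) and their fixes, as an added example that is not part of the original notes. The class and method names (OtpService, request_otp, verify_otp and their vulnerable_* counterparts), the limits, and the phone numbers are this example's own assumptions; the SMS gateway is a fake that just records what would have been sent.

```python
import hmac
import secrets
import time
from collections import defaultdict

OTP_TTL_SECONDS = 300        # an issued OTP stays valid for 5 minutes (assumed policy)
MAX_SENDS_PER_WINDOW = 3     # anti-spam: OTP SMS per phone number per window
SEND_WINDOW_SECONDS = 600
MAX_VERIFY_ATTEMPTS = 5      # anti-brute-force: guesses allowed per issued OTP


class OtpService:
    """Issues and verifies SMS OTPs. sms_sender is any callable(phone, text);
    clock is injectable so the flow can be exercised without real time passing."""

    def __init__(self, sms_sender, clock=time.time):
        self._sms = sms_sender
        self._now = clock
        self._otps = {}                  # phone -> [code, expires_at, attempts_left]
        self._sends = defaultdict(list)  # phone -> timestamps of recent sends

    def _issue(self, phone):
        code = f"{secrets.randbelow(10**6):06d}"
        self._otps[phone] = [code, self._now() + OTP_TTL_SECONDS, MAX_VERIFY_ATTEMPTS]
        self._sms(phone, f"Your verification code is {code}")

    # --- OTP spamming -------------------------------------------------------
    def vulnerable_request_otp(self, payload):
        # Weak: the destination number is taken from the request body and there
        # is no limit, so anyone can flood any number they choose.
        self._issue(payload["phone"])
        return True

    def request_otp(self, session):
        # Hardened: the destination is the number bound to the authenticated
        # session, and sends to one number are capped per time window.
        phone = session["phone"]
        now = self._now()
        recent = [t for t in self._sends[phone] if now - t < SEND_WINDOW_SECONDS]
        if len(recent) >= MAX_SENDS_PER_WINDOW:
            self._sends[phone] = recent
            return False                 # the HTTP layer should answer 429
        self._sends[phone] = recent + [now]
        self._issue(phone)
        return True

    # --- OTP bypass by modifying checks --------------------------------------
    def vulnerable_verify_otp(self, session, payload):
        # Weak: a client-controlled flag in the payload short-circuits the check.
        if payload.get("otp_verified") is True:
            session["otp_ok"] = True
            return True
        return self.verify_otp(session, payload.get("otp", ""))

    def verify_otp(self, session, submitted):
        # Hardened: the only client input is the code itself; all state is server-side.
        phone = session["phone"]
        entry = self._otps.get(phone)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._now() > expires_at or attempts_left <= 0:
            self._otps.pop(phone, None)
            return False
        entry[2] -= 1                    # every guess, right or wrong, is counted
        if not hmac.compare_digest(code, str(submitted)):
            return False
        self._otps.pop(phone, None)      # single use
        session["otp_ok"] = True
        return True


def demo():
    """Constructed scenario (no real SMS): an attacker floods a victim's number
    through the weak endpoint, then tries the verified-flag bypass on both paths."""
    sent = []                            # (phone, text) pairs the fake gateway "sent"
    svc = OtpService(lambda phone, text: sent.append((phone, text)), clock=lambda: 1000.0)

    for _ in range(10):                  # attacker supplies the victim's number
        svc.vulnerable_request_otp({"phone": "+15550001111"})
    spam_sms = sum(1 for phone, _ in sent if phone == "+15550001111")

    victim = {"phone": "+15550002222"}
    limited = [svc.request_otp(victim) for _ in range(5)]   # only the first 3 go out

    real_code = sent[-1][1].rsplit(" ", 1)[1]
    wrong_code = "000000" if real_code != "000000" else "111111"
    return {
        "spam_sms": spam_sms,
        "limited_sends": limited,
        "flag_bypass_on_weak": svc.vulnerable_verify_otp(dict(victim), {"otp_verified": True}),
        "wrong_code_on_hardened": svc.verify_otp(dict(victim), wrong_code),
        "right_code_on_hardened": svc.verify_otp(dict(victim), real_code),
    }


if __name__ == "__main__":
    print(demo())
```

The spam control is deliberately per destination number rather than per source IP, because the attacker's traffic can come from anywhere; in production you would also count per account and per source and alert on the excess. The hardened verify path has nothing for a proxy tool to flip: the verified state is written server-side only after a constant-time match, each guess burns one of a small number of attempts, and a used code is discarded.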
WEB APPLICATION VULNERABILITIES
All OWASP Top 10 and SANS/CWE Top 25 vulnerabilities are applicable.
- Cross-Site Scripting (XSS): If user-supplied input is not validated and output-encoded, attacker-controlled JavaScript can execute in other users' browsers, leading to cookie/session theft, redirection to malicious websites, DDoS attacks launched against other sites from victims' browsers, etc.
- SQL Injection: Improper input validation, typically building queries by string concatenation instead of using parameterised queries, might lead to SQL injection.
- Privilege Escalation: If authorization is not enforced properly, one user can access other users' data (horizontal escalation) or perform administrative functions (vertical escalation).
- Authentication bypass, e.g. via:
  SQL Injection
  Session ID guessing
  Cookie value manipulation
- Command Execution: Improper input validation might lead to OS command execution.
- Serialization/Deserialization: Untrusted serialized data is interpreted as code because of improper validation. This might lead to remote code execution in Java, PHP, Python etc.
- CSRF (Cross-Site Request Forgery)
- WAF Bypass
- Rate-limiting Issues on important APIs:
  Forgot/Reset Password
  Login page
  Other important/sensitive APIs
- XXE (XML External Entity) Attack
- SSRF (Server-Side Request Forgery)
- JSON Injection
- DoS/DDoS (Layer 3, Layer 4 and Layer 7 attacks)
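SQL injection used for authentication bypass, as an added example that is not from the original notes: the same login query built by string concatenation and as a parameterised query, run against an in-memory SQLite table. The table, the user names and passwords, and the function names (vulnerable_login, safe_login) are constructed for this example; sha256 stands in for the password hash only to keep the example short, and a real system should use a slow salted hash such as bcrypt or argon2.

```python
import hashlib
import sqlite3


def _hash(password):
    # Demo only: production code should use bcrypt/argon2, not a bare sha256.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed user table; the credentials are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", _hash("correct horse battery staple"), "admin"),
        ("alice", _hash("alice-password"), "user"),
    ])
    return conn


def vulnerable_login(conn, username, password):
    """Weak: the SQL text is built by concatenation, so a quote character in the
    username ends the string literal and the rest of the input becomes SQL."""
    query = ("SELECT username, role FROM users WHERE username = '" + username +
             "' AND password_hash = '" + _hash(password) + "'")
    return conn.execute(query).fetchone()


def safe_login(conn, username, password):
    """Hardened: parameterised query. The driver passes values separately from
    the SQL text, so user input can never change the query's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, _hash(password))).fetchone()


def demo():
    conn = make_db()
    # Closes the string literal after "admin" and comments out the password check:
    #   ... WHERE username = 'admin' -- ' AND password_hash = '...'
    payload = "admin' -- "
    return {
        "vulnerable": vulnerable_login(conn, payload, "anything"),  # ('admin', 'admin')
        "hardened": safe_login(conn, payload, "anything"),          # None: no such user
        "legit": safe_login(conn, "alice", "alice-password"),       # ('alice', 'user')
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version is not "input validation" in the filtering sense; it removes the problem by never letting data and SQL share a channel, which is why it survives payloads a denylist would miss.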
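Insecure deserialization in Python, as an added example that is not from the original notes: a pickle stream built by an attacker makes the unpickling process call a function of the attacker's choosing, beside a restricted unpickler that refuses unexpected globals and a JSON-plus-validation alternative. The Exploit class, the payload's harmless eval expression, the RestrictedUnpickler allow-list and the message shape checked by load_json_message are all this example's own assumptions.

```python
import io
import json
import pickle


class Exploit:
    """Attacker-constructed object. pickle records the callable and arguments
    returned by __reduce__, and loading the stream calls them, so the victim's
    process runs attacker-chosen code. eval of a harmless expression stands in
    here for the os.system(...) a real payload would use."""

    def __reduce__(self):
        return (eval, ("7 * 191",))


def malicious_payload():
    return pickle.dumps(Exploit())


def vulnerable_load(data):
    # Weak: pickle.loads on untrusted bytes. Returns 1337 here only because the
    # payload's eval ran during loading; it could have run anything.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only the globals on the allow-list (assumed here); a stream that
    references builtins.eval, os.system, subprocess.Popen etc. is refused."""

    SAFE_BUILTINS = {"range", "set", "frozenset", "slice"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.SAFE_BUILTINS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_json_message(data):
    """Preferred: a data-only format plus an explicit check of the expected shape
    (a constructed {"user": str, "amount": int} message)."""
    obj = json.loads(data)
    if not (isinstance(obj, dict) and isinstance(obj.get("user"), str)
            and isinstance(obj.get("amount"), int)):
        raise ValueError("unexpected message shape")
    return obj


def demo():
    evil = malicious_payload()
    benign = pickle.dumps({"user": "alice", "amount": 42})   # plain data, no globals
    try:
        safe_load(evil)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return {
        "vulnerable_result": vulnerable_load(evil),          # 1337: eval ran on load
        "restricted_blocked": blocked,                        # True
        "restricted_benign": safe_load(benign),               # {'user': 'alice', 'amount': 42}
        "json": load_json_message(b'{"user": "alice", "amount": 42}'),
    }


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler is a containment measure, not a substitute for avoiding pickle on untrusted input: the allow-list has to stay tiny, because any allowed callable is one the attacker gets to invoke with arguments of their choice. The same pattern applies to Java's ObjectInputStream filters and PHP's unserialize() allowed_classes option.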
AWS INFRA
- Public S3 buckets: Buckets whose policy or ACL grants access to everyone expose whatever files are stored in them (and, with public write, allow tampering).
- Public EBS snapshots: Snapshots shared publicly might contain sensitive information such as SSH keys, server keys, passwords etc. (EBS volumes themselves cannot be made public; it is the snapshots that get shared.)
- No Multi-Factor Authentication (MFA, 2FA) on AWS accounts
- Root account logins: day-to-day use of the root user instead of IAM users/roles
- Token/credential disclosure, e.g. access keys leaked in:
  Slack
  Git
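An offline check for the public S3 bucket issue above, as an added example that is not from the original notes: two functions that take the JSON returned by `aws s3api get-bucket-policy` (whose Policy field is itself a JSON string) and `aws s3api get-bucket-acl`, and report the statements and grants that give access to everyone. The sample policy and ACL are constructed (bucket name, Sids, the vpce id and the 123456789012 account id, which is the AWS documentation placeholder); the function names are this example's own.

```python
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True for the anonymous principal: "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_policy_statements(policy):
    """Return (Sid, actions, has_condition) for every Allow statement granted to
    everyone. A Condition block may narrow the grant (e.g. to one VPC endpoint),
    so those are still reported, flagged for manual review."""
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        found.append((stmt.get("Sid"), actions, "Condition" in stmt))
    return found


def public_acl_grants(acl):
    """Return (group, permission) for ACL grants to the AllUsers or
    AuthenticatedUsers groups, using the get-bucket-acl output shape."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            found.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return found


# Constructed sample inputs for this example.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "TeamAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
    ],
}


if __name__ == "__main__":
    for sid, actions, conditional in public_policy_statements(SAMPLE_POLICY):
        print(f"policy statement {sid}: {actions} public{' (conditional)' if conditional else ''}")
    for group, permission in public_acl_grants(SAMPLE_ACL):
        print(f"ACL grant: {group} has {permission}")
```

AuthenticatedUsers is reported alongside AllUsers on purpose: it means any AWS account in the world, not your organisation's users. Findings from either function are the case for turning on S3 Block Public Access at the account level, which overrides both mechanisms.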
MISCELLANEOUS
Cryptocurrency-based exploitation (expected to grow in future)
Sub-domain takeover
Vulnerabilities in protocols
Vulnerabilities in hardware