data exposure Archives - Krishna Gupta

OWASP Top 10 for Mobile Apps: M10 – Extraneous Functionality

10 February 2025 by Krishna

Extraneous functionality can be defined as any feature or functionality that is present in a mobile application but is either unintentional or no longer needed. It may be left over from earlier stages of the development process, such as during testing or debugging, or added for convenience but overlooked as the application moves closer to production. Regardless of the reason for its existence, extraneous functionality represents a security risk.

M2: Insecure Data Storage – A Penetration Tester’s Guide

2 February 2025 by Krishna

Insecure data storage refers to the practice of storing data in a manner that makes it vulnerable to unauthorised access, tampering, or theft. This can occur in various forms, such as improperly encrypted files, exposed databases, or unprotected cloud storage solutions. The consequences of insecure data storage can be far-reaching, ranging from financial losses to reputational damage and legal ramifications.

Penetration testers need to thoroughly evaluate an organisation’s data storage mechanisms to identify weaknesses and implement corrective measures before malicious actors can exploit them. This is particularly important as organisations increasingly store data in cloud environments, mobile applications, and third-party servers, each introducing unique security challenges.

Do not Use iPhone Mirroring on a Corporate Mac

11 October 2024 by Krishna

iPhone mirroring can pose significant security risks when used on a corporate Mac. It involves establishing a direct connection between your personal device and the company’s network, potentially exposing sensitive data to vulnerabilities.