Securify core story

We provide reality checks to improve cyber security resilience In today’s world, your organization has an ever-growing online presence and a lot of data to…Read more...

Blogs

  • Android adb reverse tethering mitm setup revised

    Introduction In a previous blogpost, I've written how to combine Gnirehtet & proxychains in order to intercept traffic from mobile apps over adb while on a VPN. After some time, the setup seemed to be somewhat buggy and slow. A contact of @FSDominguez suggested to look into port forwarding. I'd like to present a…Read more...

  • Scanning incomplete C# projects for vulnerable code patterns

    At Securify Inline, we are always looking for smart techniques to support our security code review process. We want to find certain insecure patterns in our client's code, using static analysis. For our C# projects, we developed a custom scanner, based on the Roslyn parser. This article discusses what problems we ran…Read more...

  • Using Semgrep to assist in security code reviews

    Semgrep is a static code analysis tool that finds patterns in source code. At Securify Inline we use semgrep to assist in our security code reviews, and to detect issues as soon as they occur in the code. Introduction At Securify Inline we regularly review our client's code. Every week we check the code that the client…Read more...

  • White-Box Cryptography in the mobile world - Attacks and defence

    Introduction In the previous blogpost we learned about the general concept of White-Box Cryptography, the reasons why it is gaining more presence in the world of mobile apps and its main advantages. However, like any other security measure, it is not perfect, and it exist scenarios where it can be defeated if the…Read more...

  • White-Box Cryptography in the mobile world

    Introduction The use of White-Box Cryptography is gaining more and more popularity in the mobile world. The implementation of this technology poses some challenges for those that are researching the security of apps, both client side as server side. From a pentester’s point of view you’d like to see both the plain text…Read more...

Questions or feedback?

Call usphone
Mail usmail