-
Transparent symmetric encryption with Vim
Transparent symmetric encryption allows you to edit text files that will be automatically encrypted on writing and decrypted on reading. There are 2 different methods for enabling this with the Vim editor: the first one relies on the native encryption support included by default and the second one is based…
-
Cross-Site Tracing (XST) attacks
A common pattern in Cross Site Scripting attacks requires to access to a victim's document.cookie object in order to hijack their session information. A common countermeasure is to tag the cookies that store session data as HttpOnly so they can be read only by the server side of the…
-
Android and JS through addJavascriptInterface
In the Android world, the object WebView provides a way to display embedded webpages in your mobile application, without needing to launch the external browser. It uses internally the WebKit rendering engine and provides several useful methods that you can use to control the interaction. Including a method to expose…