Hacker, You shall not pass!

Slides for my presentation at Alphappl, where my objective was to give developers some tips on how to make their software more secure, along with information about resources where they can learn more about this subject. Hacker, you shall not pass! from Cláudio André…

Good For Enterprise Android HTML Injection (CVE-2014-4925)

We had a request from a client to test a Mobile Device Management solution from Good Technology that was currently being implemented, together with its client application, Good for Enterprise. Good for Enterprise is built on Good next-gen containerization, which enables secure data sharing between Good-secured apps as well as app-level encryption independent of the device used. With next-gen containerization, Good for Enterprise protects corporate data, including emails, business contacts, or files downloaded from the corporate intranet, on personal unmanaged and managed devices.…

Mobile (In)security?

My slides for the Mobile Edge event by Bold at Microsoft Portugal HQ, where I talked a little bit about security on mobile platforms and common vulnerabilities in mobile applications. Mobile (in)security ? from Cláudio André…

Outlook.com Android App HTML Injection

I like to analyse random apps on the Google Play Store, and this time I dedicated time to the Outlook.com Android App. At the time, other guys were looking at the app as well and released this analysis about insecure data storage in the app. Most, if not all, email apps allow HTML emails, so I decided to play around a little bit with this. I wrote the following Python script to send emails via a Gmail account in HTML format: ``` import smtplib from email.…

CVE-2014-1634 SQL Injection in Advanced Newsletter Magento Extension

A remote unauthenticated attacker is able to execute arbitrary SQL commands via the REST URL parameter an_category_id in /advancednewsletter/index/subscribeajax/an_category_id/
Vulnerable Versions: Confirmed on version 2.3.4
Solution: Upgrade to version 2.3.5
Vulnerability Timeline:
22 Jan 2014 – Vulnerability reported to vendor
23 Jan 2014 – Vendor requested more details
24 Jan 2014 – Vendor acknowledged vulnerability and released new version…

Pentesting Android Applications

My slides for the May 2014 Confraria de Segurança da Informação in Portugal, where I talked about pentest environment setup, tools of the trade, app analysis, and some security hints for Android developers. Pentesting Android Applications from Cláudio André…