Arvind Doraiswamy

Arvind is a Senior Security Engineer who focuses on conducting security assessments for clients, contributing articles to our secure coding knowledgebase, and writing tools to improve our company's security testing efficiency for clients.

Recent Posts

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, oracles, and ...

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, and oracles. Today...

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices and bad implementation. Today we'll be...

DREAD has withstood the test of time due to its simplicity and clarity. If you make things too heavyweight, people are less likely to use it. Also, when classification systems are too granular, more time is spent...

Issues with SSL and TLS are seemingly commonplace these days. In my previous post, I discussed many of the vulnerabilities that I've come across in the last few years conducting software security assessments for our...

With all the SSL/TLS bugs that seem to come out every month nowadays, as a security penetration tester it's hard for me to remember which bug causes what, how hard the exploit is, and what needs to be done to fix it. Over...

Introduction

I recently did a web application penetration testing assessment for an application that used Ruby on Rails. Besides checking for all of the common web application vulnerabilities, such as the OWASP Top 10 and...

Reversing - Brown Bag

by Arvind Doraiswamy on September 3, 2013 at 10:56 AM

Occasionally we get projects where it certainly helps to know a little bit of reverse engineering. Maybe there is some hidden functionality that is triggered when a specific input is given or when a specific option is...

Restricting Signed Java Applets

by Arvind Doraiswamy on March 19, 2013 at 3:39 PM

I had some interaction with Virgin Mobile a couple of weeks ago and did not feel confident about their security at the end of the call, which I blogged about here. Towards the end of that blog, I wrote about the 4 major...