Bypassing Xamarin Certificate Pinning on Android

Xamarin is a popular open-source and cross-platform mobile application development framework owned by Microsoft with more than 13M total downloads. This post describes how we analyzed an Android application developed in Xamarin that performed HTTP certificate pinning...

Auditing CSP headers with Burp and ZAP

Content Security Policy (CSP)  is a HTTP header that instruct the browser to limit resource loading of media, styles and scripts. As you may know, CSP is not adopted yet by industry. Multiple surveys have already been made about the adoption of the security...

Pin It on Pinterest