ResearchRequest a brochure
Minded Security Research Lab
Minded Security goal is to deliver high level quality services regarding Software Security Consulting. We want to reach this target through improving continuously our knowledge and doing AppSec research.
Minded Security combines the latest security research with our worldwide recognized testing techniques to meet your business goals and strengthen the security of your products and services.
Since many years we contribute to OWASP (The Open Web Application Security Project) with different leaderships: from the foundation of the OWASP Italy Chapter, to the OWASP Testing Guide, the OWASP Cloud Security and the OWASP 5D Framework leadership. Our experience, our approach and our passion let us to work at a high level with the client to suggest the best solutions that can fit his needs.
The creation of Minded Security Research Lab resulted in some of the most important advancements in software security including the development of the first tool for Flash Security Testing (SWFintruder), and the first tool for Client Side Testing using Dynamic Tainting Analysis (DOMinatorPro).
Minded Security research lab main goals are:
- Supporting customers to develop more Secure Products and Services;
- Rise the level of culture in your Company in order to manage all the Software Security domains;
- Release of ad-hoc security testing tools to identify high risk vulnerabilities;
In 2009 DOMinator open source for community was released, then in 2011 Dominator Pro was the first tool able to perform a dynamic tainting analysis of the data flow in the DOM of the browser. Dominator Pro
DOMXSS Wiki (https://code.google.com/archive/p/domxsswiki/wikis/Introduction.wiki) was created with the aim of creating A SHARED Knowledge Base for defining sources of attacker controlled inputs and sinks which potentially could introduce DOM Based XSS issues.
2011: DOMinator Pro
It performs a Real Time Dynamic Data Tainting which represents an innovative approach to identify DOM based Cross Site Scripting vulnerabilities and can help identify client side issues in a very short time while simply navigating.
We created the DOMXSS domain (www.domxss.com) in order to understand the client side security and to learn how to use BlueClosure to identify this class of new vulnerabilities.
2014 AMT Banking Malware Detector
AMT solution easily detected realtime man in the browser attacks. AMT engine did not look for signatures or known attacks, it did analyze the behavior of the HTML page in the user’s browser and can easily detect new kinds of attacks or new malware variants that are running on customer machines.
2015: RATDET Remote Access Trojan Detection technology.
Using RAT in banking malware features fraudsters can impersonate the banking customers by attacking the online banking site from the trusted banking customer host/PC. This type of subtle remote control allows the fraudsters to bypass the security controls already in place.Firewall policies, strong authentication with browser certificates, IP restrictions, Geo Location controls, Browser and OS fingerprint can be easily bypassed by Dyre Remote Control Module.
Minded Security developed RATDET technology able to detects RATs such as DarkComet, ProRat, VNC and RDP add-ons in banking malware such as Zeus and Citadel. RATDET detects the fraudster use of RAT in banking malware attacks in real-time and the risk score supplemented to AMT by RATDET helps fraud managers in catching real fraud attempts instead of thousands of false positive alerts that are genuine sessions.
Shhlack is an extension for Slack and brings end-to-end encrypted messages in Slack workspaces.Shhlack is an opensource tool available on GitHub:
2020: Behave! A monitoring browser extension for pages acting as “bad boi”
A Minded Security project that monitors and warn if a web page performs any of following actions:
- Browser based Port Scan
- Access to Private IPs
- DNS Rebinding attacks to Private IP