'WhiteHat' Settings: Letting a Hacker 'Pentest' the Facebook App
New security mechanisms such as certificate pinning make it difficult for white hat hackers to test the application for server-side defects. Security researchers will certainly welcome this move by the blue social network, because it will allow them to check the apps more efficiently.
Today we share technology news about the security of the Facebook app. Hackers know all the methods, so why shouldn't you know what is happening? Read this article for more details.
What is pentesting?
A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is usually used to augment a web application firewall (WAF).
Pen testing can involve attempting to breach any number of application systems, such as application protocol interfaces (APIs) and frontend/backend servers, to uncover vulnerabilities such as unsanitized inputs that are susceptible to code injection attacks.
The insight provided by the penetration test can be used to fine-tune your WAF security policies and patch the weaknesses found.
A brief note about white hat hackers
In the computer security world, the term "white hat" refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methods that ensure the safety of an organization's information systems.
To help white hat hackers test the security of its own mobile apps more easily, Facebook has launched a new feature called Whitehat Settings. This setting is available for the Facebook, Instagram, and Messenger apps for Android; it is currently not available on iOS.
The company expects that white hat hackers will use this feature on their own accounts to hunt for bug bounties. The company advises keeping these settings turned off when you are not inspecting traffic for vulnerabilities.
How to enable Facebook Whitehat settings?
To enable Whitehat settings, you need to visit Facebook's web interface and open this link.
Now select the settings you want to enable - for example, the CA (certificate authority) installed for your accounts. In addition, you have to select the apps (Facebook, Instagram, Messenger) that you want to test.
Once you are done with the web interface, sign out from your Facebook mobile app and sign in again to ensure that the new settings appear in the settings section of your app.
In the Facebook app specifically, you get the option to force the application to use TLS 1.2, which is supported by proxies such as Burp. Apart from this, you can also have the Facebook app trust your installed CA.
Once you are done and reopen the app, Facebook will enable all selected options and display a network test mode banner at the top.