Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar
Summary
Electron-based application security testing is an important part of security analysis, as it covers applications used on desktop and mobile devices.
This article is the second part of a three-part series exploring the fundamentals of Electron-based application security testing.
The first part described the basic concepts and procedures for decompiling the .asar file, while the second part presents a unique case study regarding the extraction and analysis of .asar files.
The analysis recovered an AES encryption key, an initialization vector (IV), and a salt stored in the same database as the username, which could be used to compromise real credentials.
The third part of this series focuses on securing communication channels, APIs, and cloud-based data storage, as well as an introduction to basic Node.js exploitation.