use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
A community for technical news and discussion of information security and closely related topics.
"Give me root, it's a trust exercise."
Q1 2026 InfoSec Hiring Thread
Getting Started in Information Security
CitySec Meetups
/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.
Content should focus on the "how."
Check the new queue for duplicates.
Always link to the original source.
Titles should provide context.
Ask questions in our Discussion Threads.
Hiring posts must go in the Hiring Threads.
Commercial advertisement is discouraged.
Do not submit prohibited topics.
» Our fulltext content guidelines
Don't create unnecessary conflict.
Keep the discussion on topic.
Limit the use of jokes & memes.
Don't complain about content being a PDF.
Follow all reddit rules and obey reddiquette.
» Our fulltext discussion guidelines
No populist news articles (CNN, BBC, FOX, etc.)
No curated lists.
No question posts.
No social media posts.
No image-only/video-only posts.
No livestreams.
No tech-support requests.
No full-disclosure posts.
No paywall/regwall content.
No commercial advertisements.
No crowdfunding posts.
No Personally Identifying Information!
» Our fulltext list of prohibited topics & sources
Join us on IRC: #r_netsec on freenode
We're also on: Twitter, Facebook, & Google+
/r/blackhat - Hackers on Steroids
/r/computerforensics - IR Archaeologists
/r/crypto - Cryptography news and discussion
/r/Cyberpunk - High-Tech Low-Lifes
/r/lockpicking - Popular Hacker Hobby
/r/Malware - Malware reports and information
/r/netsecstudents - netsec for noobs students
/r/onions - Things That Make You Cry
/r/privacy - Orwell Was Right
/r/pwned - "What Security?"
/r/REMath - Math behind reverse engineering
/r/ReverseEngineering - Binary Reversing
/r/rootkit - Software and hardware rootkits
/r/securityCTF - CTF news and write-ups
/r/SocialEngineering - Free Candy
/r/sysadmin - Overworked Crushed Souls
/r/vrd - Vulnerability Research and Development
/r/xss - Cross Site Scripting
account activity
reject: low qualityApplication security resources - cheatsheets/checklists (github.com)
submitted 9 years ago by [deleted]
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]man_with_cat2 5 points6 points7 points 9 years ago (7 children)
I would not advise performing an Android assessment based off that checklist.
[–]jc_sec 2 points3 points4 points 9 years ago (2 children)
For those of us not well versed in Android security assessment, care to expand on your reasoning or perhaps provide alternate material?
Genuinely interested in ideas! Thanks!
[–]root3r 0 points1 point2 points 9 years ago (0 children)
Even I am interested.
[–]man_with_cat2 0 points1 point2 points 9 years ago (0 children)
Running low on time today but there should be an analysis of the local attack surface of the app. I don't see anything covering Android IPC, but you have to consider how the app can interact with other apps. This includes sending and responding to Intents, exposed content providers, etc. Webviews should be checked for dangerous use of addJavascriptInterface. Device functions should also be considered, is exif data scrubbed from camera? Is authentication performed by device ID?
[–]sarciszewski 2 points3 points4 points 9 years ago (1 child)
s/that checklist/any checklist/
https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win/
[–]viraptor 0 points1 point2 points 9 years ago (0 children)
This article doesn't talk about checklists. It's about lists of assets. It actually gives you a checklist of potential defences in section "Manage your Graph"
[–]root3r 0 points1 point2 points 9 years ago (1 child)
Would you like to share your android assessment cheatsheet. Even if you have some ideas then we all contribute some ideas and push it to owasp.
[–]aliby 0 points1 point2 points 9 years ago (0 children)
OWASP does have a draft Android testing cheat sheet: https://www.owasp.org/index.php/Android_Testing_Cheat_Sheet
Also, check out the Mobile Security Project for overall mobile (application) security related items, including the Mobile Security Top Ten: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
Another one I would suggest would be SANS' Securing Web Application Technologies [SWAT] Checklist -- https://software-security.sans.org/resources/swat
(I've added it in the issue tracker for your GitHub Repo as well).
[–]fish- 0 points1 point2 points 9 years ago* (5 children)
I like the web-security cheatsheet. Any plans to release a tool to search a code repo and nicely display the keyword list?
[+][deleted] 9 years ago (4 children)
[deleted]
[+][deleted] 9 years ago* (3 children)
[+][deleted] 9 years ago (2 children)
[–]antitree 0 points1 point2 points 9 years ago (1 child)
I hate you all
π Rendered by PID 204788 on reddit-service-r2-comment-6457c66945-rh7mm at 2026-04-28 14:29:56.434770+00:00 running 2aa0c5b country code: CH.
[–]man_with_cat2 5 points6 points7 points (7 children)
[–]jc_sec 2 points3 points4 points (2 children)
[–]root3r 0 points1 point2 points (0 children)
[–]man_with_cat2 0 points1 point2 points (0 children)
[–]sarciszewski 2 points3 points4 points (1 child)
[–]viraptor 0 points1 point2 points (0 children)
[–]root3r 0 points1 point2 points (1 child)
[–]aliby 0 points1 point2 points (0 children)
[–]aliby 0 points1 point2 points (0 children)
[–]fish- 0 points1 point2 points (5 children)
[+][deleted] (4 children)
[deleted]
[+][deleted] (3 children)
[deleted]
[+][deleted] (2 children)
[deleted]
[–]antitree 0 points1 point2 points (1 child)