TECNO Security articles - 48 total
Security Vulnerability in Hidden Parameters: IDOR Attack on Mighty App Payment Page
Today, Rashedul from Bangladesh will share an IDOR vulnerability found on the Bxxxxxxx Web App. The...
![[Vulnerability Campaign] Protect TECNO devices](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fctko9jiur2eueuhb9oal.jpg)
[Vulnerability Campaign] Protect TECNO devices
Are you a white hat who is good at finding Android phone security vulnerabilities? Submit valid...
(Ⅱ)【Report Review】2024 OWASP Mobile Top 10 Risks
In the previous article, (Ⅰ)【Report Review】2024 OWASP Mobile Top 10 Risks, we provided a detailed...
(Ⅰ)【Report Review】2024 OWASP Mobile Top 10 Risks
The rapid expansion of mobile applications has brought about security risks such as data collection...
(Ⅱ) Android Identity Authentication
In the previous sharing, we learned about some misunderstandings and security risks related to...
(Ⅰ) Android Identity Authentication: A Game of Cat and Mouse between Developers and "Hackers"
In Android development, caller identity authentication is like a cat-and-mouse game between...
CVE Exclusive Activity
On March 19th, 2025, TECNO Security Response Center officially obtained authorization from the CVE...
![[Best of February - M3Di] From Forest to Code: Transformational Security Researcher Growth Notes](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh2crifkm2srbvb0bdpyn.png)
[Best of February - M3Di] From Forest to Code: Transformational Security Researcher Growth Notes
He is from Yunnan, China, and has four years of experience in security bug mining. Over the past two...
Secure Coding Practices for TEE Applications: A Guide for CA and TA Developers
Trusted Execution Environments (TEEs) have become an essential component in modern secure computing...
【Recognition】Excellent Security Researcher in January 2025 iiiiiinv
The monthly star of TECNO Security Response Center has been announced! In January, iiiiiinv from...
Beginner’s Guide: Basic Methods for Finding Android Application Vulnerabilities
Phyo WaThone Win from Myanmar shared with us a guide to common Android application vulnerabilities....
"Hacker of the Month" - Find Excellence
To motivate and express our gratitude for the continuous support of security researchers, we now...
Automated Penetration Testing: A Guide to Domain Collection
In penetration testing, we need to collect as much information as possible about the target. Asset...
【Activities Guide】A detailed overview of the TECNO Security Response Center's security incentive activities
🎯In order to make it easier for researchers to find all the activities on our platform, we have...
Guidelines about the Refer-a-Friend Program
2025 is here, and the TECNO Security Response Center's friend referral campaign has officially...
SQL Injection Principles, Vulnerability Discovery and Mitigation Strategies
This article primarily shares an experience in exploiting SQL injection vulnerabilities in mobile app...
TECNO SRC Security Vulnerability Submission Function Survey
🎄A survey to improve your bug reporting experience, please don't hesitate to give your...
Unveiling the Unseen: A Journey from Simple Recon Using Shodan to Leaking AWS Secrets
The world of bug bounty hunting is filled with thrilling moments when some simple recon techniques...
Web vulnerability bounty rules update
TECNO Security Response Center respects and thanks all security researchers for their contribution to...
【Vulnerability Campaign】Earn Your Thanksgiving Bonus Rebate
A thank you to all TECNO security researchers who've backed us through 2024! Here comes our festival...
Critical File Upload Vulnerabilities: Exploits and Mitigation Strategies
Almost every application features a file upload function, from sharing documents to images. Without...
![[2024 Thanksgiving] Security Technology Research Writing Activity](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fydwp6sbol01jsyrm3iut.png)
[2024 Thanksgiving] Security Technology Research Writing Activity
2024 is coming to an end. What new security technologies have you learned and researched this year?...
Guide to Writing Security Technology Blog Articles
Grow in practice, and settle in the documentation. When we want to write articles about our research...
Hacking your first OAuth on the Web application
This article delves into how attackers can exploit OAuth vulnerabilities, focusing on misusing...
TECNO Security Year-End Reward Sprint Preview: Grand Prizes Await You!
At the end of each year, it's time to reap the rewards. To the researchers who help us safeguard the...
E-commerce website vulnerability bounty practice sharing(Ⅱ)
Hello everyone, do you remember the content we shared last time? In the previous article, we shared a...
E-commerce website vulnerability bounty practice sharing(I)
Today's e-commerce ecosystem is a highly interconnected and network-dependent environment, bringing...
Story of Time Machines: Where Archived URLs and Juicy Information Handshake Each Other
Web crawlers, or spiders, are essential for indexing web content for search engines. However, if not...
TECNO Security Response Center 3rd Anniversary | Safeguarding Product Security, Grateful for Our Encounter
On September 22, 2021, the TECNO Security Response Center was officially established. Security...
Insecure Direct Object Reference (IDOR)
Insecure Direct Object References (IDOR) are a type of security flaw that happens when an application...