Amine Mesbahi
Apple Privacy: A Comprehensive Guide to Privacy Manifest Files
This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.
Thu 18 April 2024
Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab
The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.
Tue 26 March 2024
Mapping Dependency Confusion: A Novel Detection Approach using Source Map Files
The article delves into dependency confusion vulnerabilities, introduces a novel detection and exploitation technique, and then provides actionable steps to mitigate the risks associated with this vulnerability.
Tue 13 February 2024
Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter
In this article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.
Tue 20 June 2023
GodFather Android Malware Analysis
In this article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information from users.
Build your CI/CD pipeline for Mobile Applications with Jenkins, GitHub Actions and Azure DevOps
This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.
Latest posts
UI call coverage release for dynamic security testing
Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.
Wed 01 September 2021
5 things every mobile security professional should know about WebViews
This article is about WebViews and the security notions we need to have in mind when using these components in both Android and iOS.
Tue 18 May 2021
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Fri 30 October 2020
How to Carry out Nation-scale Mobile Devices Compromise: COVID-19 Contact Tracing App BeAware Bahrain Review
Mobile security testing of COVID-19 Contact Tracing Application BeAware
Sun 05 July 2020
COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review
Mobile security testing of COVID-19 Contact Tracing Application Wiqaytna
Mon 15 June 2020
[Online Event] Security of 3rd party dependencies in Mobile Applications
Mobile applications assessments, automation of 3rd party dependency review
Fri 12 June 2020
Hardcoded AWS keys in Mobile Applications
This article is about how to manage AWS access keys when using AWS services in your mobile application.
Thu 20 December 2018