Articles by

Amine Mesbahi

Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab

The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.

Security

Mapping Dependency Confusion: A Novel Detection Approach using Source Map Files

The article delves into dependency confusion vulnerabilities and introduces a novel detection and exploitation technique then provides actionable steps to mitigate the risks associated with this vulnerabillity.

Tue 13 February 2024

Security

Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter

In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.

Tue 20 June 2023

Security

GodFather Android Malware Analysis

In This article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information for the users.

Fri 14 April 2023

Build you CI/CD pipeline for Mobile Applications with Jenkins, Github Actions and Azure Devops

This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.

UI call coverage release for dynamic security testing

Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.

Latest posts

5 things every mobile security professional should know about WebViews

This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.

Tue 18 May 2021

Finding and Validating Hardcoded Keys and Secrets

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Fri 30 October 2020

COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review

Mobile security testing of Covid-19 Contact Tracing Application Wiqaytna

Mon 15 June 2020

[Online Event] Security of 3rd party dependencies in Mobile Applications

Mobile applications assessments, automation of 3rd party dependency review

Fri 12 June 2020

Hardcoded AWS keys in Mobile Applications

This article is about how to manage AWS access keys when using AWS services in your mobile application.

Thu 20 December 2018