Mobile Articles


Mobile
UI call coverage release for dynamic security testing
Wed 01 September 2021

Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.

Mobile
Finding and Validating Hardcoded Keys and Secrets
Fri 30 October 2020

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Mobile
Hardcoded AWS keys in Mobile Applications
Thu 20 December 2018

This article is about how to manage AWS access keys when using AWS services in your mobile application.

Mobile
Critical attack surface of mobile applications
Wed 17 January 2018

the Attack Surface of mobile applications.

Mobile
Finding security bugs in Android applications the hard way
Fri 16 June 2017

Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.

Mobile
Testing Cordova Applications
Thu 24 November 2016

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.

Mobile
Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?
Thu 03 November 2016

Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...

Mobile
Android external libs!
Tue 01 November 2016

For an Android developer, it has become standard practice to use external libraries to easily extend the functionalities of the mobile application . Thanks to Gradle easy dependency integration, features like HTTP frameworks, database ORM, fancy scrolling, efficient image loading, caching, social network integration and many others can be added easily.

Mobile
Vulnerabilities tested by Google Play Store
Mon 05 September 2016

Google will start identifying security weaknesses in Apps pushed to the Play Store...