Security
How did we react to Log4j vulnerability? Read our analysis for mobile applications.
What is the impact of Log4j vulnerability on mobile applications
Mon 20 December 2021
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over...
Tue 18 May 2021
5 things every mobile security professional should know about WebViews
This article is about WebViews and the security notions we need to have in mind when using these ...
Tue 18 May 2021
Ostorlab detects Dependency Confusion
Dependency Confusion is a new attack with high severity impact. This article is an overview of th...
Wed 03 March 2021
Finding superhuman XSS polyglot payloads with Genetic Algorithms
The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.
News and Updates of Week 8
This weeks is marked by multiple high profile data breaches affecting Cashalo, Npower, Kia, T-Mobile and Clubhouse.
Latest posts
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Fri 30 October 2020
Autonomous Security: Pushing Security Automation to the Next Level
The article introduces the term Autonomous Security in the context of security scanning and defines 5 tiers of maturity.
Mon 26 October 2020
How to Carry out Nation-scale Mobile Devices Compromise: COVID-19 Contact Tracing App BeAware Bahrain Review
Mobile security testing of Covid-19 Contact Tracing Application BeAware
Sun 05 July 2020
COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review
Mobile security testing of Covid-19 Contact Tracing Application Wiqaytna
Mon 15 June 2020
[Online Event] Security of 3rd party dependencies in Mobile Applications
Mobile applications assessments, automation of 3rd party dependency review
Fri 12 June 2020
Ostorlab Insecure Application
This article describes the usage of Ostorlab Insecure Application.
Mon 14 October 2019
Application Security Testing on non-Jailbroken iOS from Linux
How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.
Tue 08 October 2019
Security, what opportunities and challenges for 2019?
Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.
Mon 07 January 2019