Security
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Fri 30 October 2020
Autonomous Security: Pushing Security Automation to the Next Level
The article introduces the term Autonomous Security in the context of security scanning and defin...
Mon 26 October 2020
How to Carry out Nation-scale Mobile Devices Compromise: COVID-19 Contact Tracing App BeAware Bahrain Review
Mobile security testing of Covid-19 Contact Tracing Application BeAware
Sun 05 July 2020
COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review
Mobile security testing of Covid-19 Contact Tracing Application Wiqaytna
Mon 15 June 2020
[Online Event] Security of 3rd party dependencies in Mobile Applications
Mobile applications assessments, automation of 3rd party dependency review
Latest posts
Application Security Testing on non-Jailbroken iOS from Linux
How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.
Tue 08 October 2019
Security, what opportunities and challenges for 2019?
Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.
Mon 07 January 2019
DOM XSS Fuzzing strategies - Part 1
XSS are still by far the most common type of vulnerabilities, this article presents strategies to automate the search for XSSes.
Sat 22 December 2018
Hardcoded AWS keys in Mobile Applications
This article is about how to manage AWS access keys when using AWS services in your mobile application.
Thu 20 December 2018
Reinforcement Learning & Automated Testing - part 1
I will be sharing through a series of blog posts our past experimentations with the use of reinforcement learning for automated testing, to both chase bugs and find vulnerabilities.
Mon 22 January 2018
Critical attack surface of mobile applications
the Attack Surface of mobile applications.
Wed 17 January 2018
Finding security bugs in Android applications the hard way
Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.
Fri 16 June 2017
New Taint Engine ... more vulnerabilities found
We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.
Sun 23 April 2017