Category

Security

Mobile security testing of Covid-19 Contact Tracing Application BeAware

Security

COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review

Mobile security testing of Covid-19 Contact Tracing Application Wiqaytna

Mon 15 June 2020

Security

[Online Event] Security of 3rd party dependencies in Mobile Applications

Mobile applications assessments, automation of 3rd party dependency review

Fri 12 June 2020

Security

Ostorlab Insecure Application

This article describes the usage of Ostorlab Insecure Application.

Mon 14 October 2019

How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.

Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.

Latest posts

DOM XSS Fuzzing strategies - Part 1

XSS are still by far the most common type of vulnerabilities, this article presents strategies to automate the search for XSSes.

Sat 22 December 2018

Hardcoded AWS keys in Mobile Applications

This article is about how to manage AWS access keys when using AWS services in your mobile application.

Thu 20 December 2018

Reinforcement Learning & Automated Testing - part 1

I will be sharing through a series of blog posts our past experimentations with the use of reinforcement learning for automated testing, to both chase bugs and find vulnerabilities.

Mon 22 January 2018

Critical attack surface of mobile applications

the Attack Surface of mobile applications.

Wed 17 January 2018

Finding security bugs in Android applications the hard way

Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.

Fri 16 June 2017

New Taint Engine ... more vulnerabilities found

We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.

Sun 23 April 2017

Testing Cordova Applications

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.

Thu 24 November 2016

Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?

Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...

Thu 03 November 2016