Security
Critical attack surface of mobile applications
the Attack Surface of mobile applications.
Wed 17 January 2018
Finding security bugs in Android applications the hard way
Ostorlab is a community effort to build a mobile application vulnerability scanner to help develo...
Fri 16 June 2017
New Taint Engine ... more vulnerabilities found
We have been for the last few months hard at work developing a new scan engine to identify new cl...
Sun 23 April 2017
Testing Cordova Applications
Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (su...
Thu 24 November 2016
Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?
Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...
Vulnerabilities tested by Google Play Store
Google will start identifying security weaknesses in Apps pushed to the Play Store...
Latest posts
New in Android M and N: Runtime Permissions
In Android, the permission system was one of the major security concerns of the platform for many reasons...
Fri 27 May 2016
Android SSL certificate pinning to prevent Man-in-the-middle attack
Implementing SSL certificate pinning in mobile apps to secure the communication between the user's device and the backend
Wed 11 May 2016
Reversing JNI, or how Facebook is crashing their own application
Apparently Facebook is crashing their apps intentionally in order to test users reaction and evaluate their adherence to Facebook service. This post is however not about the user's behavioral analysis, but about the technical aspects of how it is done - or just an excuse to dive into JNI reversing.
Thu 07 January 2016
What every pentesters should learn in 2016
The last years have come with meaningful changes in the way IT professionals operate and the way we approach security...
Sat 02 January 2016
Best SSL/TLS resources (Attacks, Tools, Talks)
This article will reference the best current resources on SSL/TLS.
Tue 25 August 2015