#iOS Articles


Mobile
UI call coverage release for dynamic security testing
Wed 01 September 2021

Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.

Newsletter
Ostorlab Nuggets in June issue 5
Thu 27 May 2021

Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and moreā€¦.

Dynamic Analysis
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
Tue 18 May 2021

This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.

Mobile Analysis
5 things every mobile security professional should know about WebViews
Tue 18 May 2021

This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.

Mobile
Finding and Validating Hardcoded Keys and Secrets
Fri 30 October 2020

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Pentest
Application Security Testing on non-Jailbroken iOS from Linux
Tue 08 October 2019

How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.

Mobile
Critical attack surface of mobile applications
Wed 17 January 2018

the Attack Surface of mobile applications.

Mobile
Testing Cordova Applications
Thu 24 November 2016

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.

Pentest
Best SSL/TLS resources (Attacks, Tools, Talks)
Tue 25 August 2015

This article will reference the best current resources on SSL/TLS.