Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter

In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.


Build you CI/CD pipeline for Mobile Applications with Jenkins, Github Actions and Azure Devops

This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.

Thu 27 October 2022


UI call coverage release for dynamic security testing

Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.

Wed 01 September 2021


Ostorlab Nuggets in June issue 5

Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….

Thu 27 May 2021

Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB

This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.

5 things every mobile security professional should know about WebViews

This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.

Latest posts

Finding and Validating Hardcoded Keys and Secrets

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Fri 30 October 2020

Application Security Testing on non-Jailbroken iOS from Linux

How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.

Tue 08 October 2019

Critical attack surface of mobile applications

the Attack Surface of mobile applications.

Wed 17 January 2018

Testing Cordova Applications

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.

Thu 24 November 2016

Best SSL/TLS resources (Attacks, Tools, Talks)

This article will reference the best current resources on SSL/TLS.

Tue 25 August 2015