-
Semgrep Rules for iOS Application Security (Swift)
Nowadays, millions of people rely on iOS mobile applications for almost everything. As a result, iOS devices manage a significant amount of data, including sensitive data such as credentials, health data, payment data and so on. For these reasons, security is more critical than ever when developing iOS applications. Securely handling sensitive…
-
Bypassing Certificate Pinning on Flutter-based Android Apps. A new guide.
One of the preliminary activities when analyzing a mobile application is, more often than not, being able to sniff HTTP/S traffic via a MitM proxy. This is quite straightforward in the case of naive applications, but can be quite challenging when applications use certificate pinning techniques. In this post I’ll try to explain the methodology…
-
Mobile Screenshot Prevention Cheatsheet – Testing and Fixing
The following article explains how to test mobile applications against any implemented screenshot prevention mechanism and then tries to propose mitigations for the problem according to the context. It is the second part of Mobile Screenshot Prevention Cheat Sheet – Risks and…
-
Mobile Screenshot prevention Cheat Sheet – Risks and Scenarios
The following article tries to analyze and explain the risks and attack scenarios affecting mobile applications that do not implement any prevention mechanism against screenshotting. Briefly, what is the problem? In short, mobile applications need to implement screenshot prevention mechanisms in order to prevent an attacker from stealing…