iOS Archives - Page 1

Certificate pinning for Android and iOS: Mobile man-in-the-middle attack prevention

Implementing certificate pinning in mobile apps that handle highly sensitive data provides too much benefit to be passed over. Users can be tricked into installing a malicious self-signed certificate on a mobile device, setting the stage for a man-in-the-middle attack. In those situations, certificate pinning can still prevent the interception of an app’s network traffic.

Read Now >

OWASP iOS crackme tutorial: Solved with Frida

In this post I explain step-by-step how I solved the OWASP Mobile Security Testing Guide (MSTG) Crackme Level 1 using Frida (and how I then automated it).

Read Now >

New Year’s resolution for iOS developers? Support App Transport Security (ATS)

Eighty percent of the top free iOS apps don’t support App Transport Security – does yours? Don’t delay. Protect your business and users. Read on for tips on how to transition to ATS support.

Read Now >

Call me maybe: Exploiting iOS WebViews to force automatic FaceTime calls

An attacker can exploit iOS WebViews to make automatic calls to an attacker-controlled phone number OR FaceTime address. Our research has found that FaceTime URL (facetime://) handlers are frequently overlooked in iOS applications. The oversight allows an attacker to potentially capture a video or snapshot of the affected user by directing them to a webpage from within a vulnerable WebView.

Read Now >

How to use Xcode to export an app for security testing

Security analysts typically rely on their development team to export an .ipa file for security testing iOS apps. This post provides step-by-step instructions for using Xcode to export an app for security testing purposes.

Read Now >

How to compile DVIA for iOS 10 and Xcode 8 for mobile app security testing

If you’ve ever tried to compile DVIA for iOS 10 and Xcode 8, you probably ran into some challenges. This article teaches you step-by-step how to compile DVIA for mobile app security testing.

Read Now >

iOS

Certificate pinning for Android and iOS: Mobile man-in-the-middle attack prevention

OWASP iOS crackme tutorial: Solved with Frida

New Year’s resolution for iOS developers? Support App Transport Security (ATS)

Call me maybe: Exploiting iOS WebViews to force automatic FaceTime calls

How to use Xcode to export an app for security testing

How to compile DVIA for iOS 10 and Xcode 8 for mobile app security testing

Webinars

Best Practices

Resources

Solutions

Industries

Customers

Resources

Company

Labs

Skip links

iOS

Footer

Solutions

Industries

Customers

Resources

Company

Labs