I’ve recently noticed a spike in questions from our customers — and specifically security analysts — about App Transport Security (ATS), or NSAppTransportSecurity, for iOS apps. ATS is a critical security practice for our customers in financial services and other regulated industries. A lot of ATS documentation already exists, but questions persist. A core part
A researcher published the decryption key for the iOS Secure Enclave Processor exposing a critical new risk within the iOS operating system. We’ve verified this information and explained its impact.
Because organizations need visibility into the security status of public app store apps, we’ve extended the NowSecure Platform to provide “AlwaysOn” mobile app vetting for third-party mobile apps with our new NowSecure Intelligence™ product.
Implementing certificate pinning in mobile apps that handle highly sensitive data provides too much benefit to be passed over. Users can be tricked into installing a malicious self-signed certificate on a mobile device, setting the stage for a man-in-the-middle attack. In those situations, certificate pinning can still prevent the interception of an app’s network traffic.
In this post I explain step-by-step how I solved the OWASP Mobile Security Testing Guide (MSTG) Crackme Level 1 using Frida (and how I then automated it).
Eighty percent of the top free iOS apps don’t support App Transport Security – does yours? Don’t delay. Protect your business and users. Read on for tips on how to transition to ATS support.