Category Archives: Security

iOS Application Security Part 8-Dumping Application Memory.

Welcome to my 8th blog post on “iOS Application Security Testing Series”. You can find Part 7 here. In this article, we will look at analyzing the memory contents of an iOS application using Fridump, which uses the Frida framework, an excellent framework if you don’t know you should give it a… Read more »

iOS Application Security Part Seven-Turning Black Box Testing into Automatic Gray-Box Testing(Using iNalyzer).

Welcome to my 7th blog post on “iOS Application Security Testing Series”. You can find Part Six here. One of the most painstaking aspects of testing an iOS application is the effort of decrypting the application. In this article, I would like to go over an easy way of turning a painful Black Box testing… Read more »

iOS Application Security Part 6–Reverse Engineering and Tampering Re-sign + Patching.

Welcome to my 6th blog post on “iOS Application Security Testing Series”. You can find Part Five here. In this article, we will look at application re-signing and patching. In a previous blog post, we looked at how we can hijack method implementations during runtime using Cycript or Frida. The idea… Read more »

iOS Application Security Part Five – App Transport Security (ATS)

Welcome to part five of “iOS Application Security Testing Series”. You can find Part 4 here. In this article, I would like to go over App Transport Security (ATS) from a pen tester’s perspective. What does that mean exactly? First, I would like to walk you through basic testing-related archaeology and help you set up the… Read more »

iOS Application Security Part 4 –RunTime Analysis Using Objection Powered by Frida (Twitter App).

Welcome to my 4th blog post on “iOS Application Security Testing Series”. You can find Part Three here. In this article, we will look at application runtime analysis using the Objection Runtime Mobile Exploration toolkit, powered by Frida. We will look at how we can obtain information about a class (methods, instance variables) and modify them… Read more »

iOS Application Security Part Three – Bypassing (Jailbreak and Certificate Pinning) Let the Right One In.

Welcome to my third article on “iOS Application Security Testing Series”. You can find Part Two here. In this article, we will look at applications that use Jailbreak Detection and Certificate Pinning as defenses – and how they can be bypassed. Is it a good idea to block execution on jailbroken… Read more »

iOS Application Security Part Two – Gathering Information Of an iOS App- aka. Recon

Welcome to my second article on “iOS Application Security Testing Series”. You can find Part 1 here. Imagine a scenario where you, as an iOS Application Security Tester, are tasked with auditing an application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a… Read more »

iOS Application Security Part 1 – Setting Up a Testing Environment for iOS Platform

Welcome to my article on “iOS Application Security Testing Series”. In this series, I will provide information on iOS application security testing, starting from setting up a testing environment for the iOS platform, all the way to testing data storage, cryptography, authentication, network communication, and reverse engineering. In this part,… Read more »

Creating a Simple Keychain Wrapper

In this short blog post, we’ll cover some basics on how to use the keychain on iOS, and we’ll create a simple wrapper for the keychain. You’ve probably heard of the iOS keychain. If not, it’s secure persistent storage, meant to be used to store sensitive information, like passwords,… Read more »