It’s important for our users to have strong passwords. But strong passwords are usually tedious to type in and often frustrate the users, not to mention that they’re hard to remember. In this article we will be generating strong passwords with AutoFill and storing them in the keychain so they…
Password strength meters are a great way to visually indicate to the users if their password is acceptable. Implementing one from scratch is no easy feat. Fortunately, Dropbox has developed an open source library just for this purpose called zxcvbn. It’s multi-platform and easy to use. In this short article…
Welcome to my 8th blog post on “iOS Application Security Testing Series”. You can find Part 7 here. In this article, we will look at analyzing the memory contents of an iOS application using Fridump, which uses the Frida framework, an excellent framework if you don’t know you should give it a…
Welcome to my 7th blog post on “iOS Application Security Testing Series”. You can find Part Six here. One of the most painstaking aspects of testing against an iOS Application is the efforts of decrypting the application. In this article, I would like to go over an easy way of turning a painful Black Box testing…
Welcome to my 6th blog post on “iOS Application Security Testing Series”. You can find Part five here. In this article, we will look at application Re-sign and patching. In a previous blog post, we have looked at how we can hijack method implementations during runtime using Cycript or Frida. The idea…
Welcome to part five of “iOS Application Security Testing Series”. You can find Part 4 here. In this article, I like to go over App Transport Security (ATS) from pen tester’s perspective. What does that mean exactly? First, I like to walk you through basic testing-related archaeology and help you set up the…
Welcome to my 4th blog post on “iOS Application Security Testing Series”. You can find Part Three here. In this article, we will look at application runtime analysis using Objection runtime Mobile Exploration toolkit, powered by Frida. We will look at how we can obtain information about a class (methods, instance variables) and modify them…
Welcome to my third article on “iOS Application Security Testing Series”. You can find Part Two here. In this article, we will look at applications that use Jailbreak Detection and Certificate Pinning as defenses – and how they can be bypassed. Is it a good idea to block execution on jailbroken…
Welcome to my second article on “iOS Application Security Testing Series”. You can find Part 1 here. Imagine a scenario where you, as an iOS Application Security Tester, are tasked with auditing an application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a…
Welcome to my article on “iOS Application Security Testing Series”. In this series, I will provide information on iOS Application Security testing, starting from the Setting Up a Testing Environment for iOS Platform, all the way to Testing Data Storage, Cryptography, Authentication, Network Communication, and Reverse Engineering. In this part,…