About the Author:

Prateek Gianchandani, a recent IIT graduate, has interests in the field of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups. You can contact him at prateek.searchingeye@gmail.com and on Twitter @prateekg147, or you can visit his personal website at highaltitudehacks.com.

iOS Application Security Part 32 – Automating tasks with iOS Reverse Engineering Toolkit (iRET)

While doing a security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the […]

IOS Application Security Part 31 – The problem with using third party libraries for securing your apps

In this article, we will talk about why we shouldn’t completely rely on using third party libraries for securing our apps. Usually, some of the things we try to […]

IOS Application Security Part 30 – Attacking URL schemes

In this article, we will look at how we can use a feature in iOS named url schemes to exploit an application. URL schemes are used by applications to […]

Getting started with Damn Vulnerable iOS Application

In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrote to […]

IOS Application Security Part 29 – Insecure or Broken Cryptography

In this article we will look at an example of Insecure or Broken Cryptography which is a common vulnerability found in most IOS applications. This vulnerability occurs when the […]

IOS Application Security Part 28 – Patching IOS Application with Hopper

In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an IOS application and modify its implementation. Patching an […]

IOS Application Security Part 27 – Setting up a mobile pentesting environment with IOS 7 Jailbreak

In this article we will look at how we can set up a mobile pentesting platform on our device with the new IOS 7 jailbreak. There has been quite […]

Security Predictions for 2014

As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the […]

IOS Application Security Part 26 – Patching IOS Applications using IDA Pro and Hex Fiend

In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing […]

IOS Application Security Part 25 – Secure Coding Practices for IOS Development

In this article, we will look at some of the best practices an IOS developer should follow in order to make sure that their application is not easily exploitable […]

IOS Application Security Part 24 – Jailbreak Detection and Evasion

In this article, we will look at the checks a developer can incorporate in his application to check whether the device on which the application is running is jailbroken […]

IOS Application Security Part 23 – Defending against runtime analysis and manipulation

In the previous articles, we have looked at how we can use debuggers and tools like Cycript to do runtime analysis and manipulation of IOS Applications. We have looked […]

IOS Application Security Part 22 – Runtime Analysis and Manipulation using GDB

In this article, we will look at how we can use GDB to perform runtime analysis of IOS applications. In the previous articles, we have looked at how we […]

IOS Application Security Part 21 – ARM and GDB Basics

All the IOS devices released until now are based on the ARM architecture. All the Objective-C code that we write while developing IOS applications is first converted into ARM […]

IOS Application Security Part 20 – Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)

In this article, we will look at the different ways in which applications can store data locally on the device and look at how secure these methods are.

We will […]

IOS Application Security Part 19 – Programmatical Usage of Introspy

In this article, we will look at how we can use Introspy as a Python module in our scripts.

The first thing to do is to import the introspy module and […]

IOS Application Security Part 18 – Detecting custom signatures with Introspy

In the previous article, we looked at how we can use Introspy for Black-box assessment of IOS applications. In this article, we will look at how we can use […]

IOS Application Security Part 17 – Black-box assessment of IOS Applications using Introspy

In this article, we will look at how we can use Introspy for Black-box assessment of IOS applications. Introspy is developed by iSEC Partners and its GitHub page can […]

IOS Application Security Part 16 – Runtime Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can perform static analysis of IOS Applications using iNalyzer. In this article, we will look at how we can use […]

IOS Application Security Part 15 – Static Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can use Sogeti Data protection tools to boot an iDevice using a custom ramdisk with the help of a bootrom […]