In this article, we will look at another cool utility named iDB for pentesting iOS applications.
Before that, I would like to apologize for coming up late with this article. […]
In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important in deducing the flow […]
In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper […]
While doing security audits of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the […]
iOS Application Security Part 31 – The problem with using third party libraries for securing your apps
In this article, we will talk about why we shouldn’t completely rely on using third party libraries for securing our apps. Usually, some of the things we try to […]
In this article, we will look at how we can use a feature in iOS named URL schemes to exploit an application. URL schemes are used by applications to […]
In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrote to […]
In this article we will look at an example of Insecure or Broken Cryptography, which is a common vulnerability found in most iOS applications. This vulnerability occurs when the […]
In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an iOS application and modify its implementation. Patching an […]
In this article we will look at how we can set up a mobile pentesting platform on our device with the new iOS 7 jailbreak. There has been quite […]
In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing […]
In this article, we will look at some of the best practices an iOS developer should follow in order to make sure that their application is not easily exploitable […]
In this article, we will look at the checks a developer can incorporate in his application to check whether the device on which the application is running is jailbroken […]
In the previous articles, we have looked at how we can use debuggers and tools like Cycript to do runtime analysis and manipulation of iOS applications. We have looked […]
In this article, we will look at how we can use GDB to perform runtime analysis of iOS applications. In the previous articles, we have looked at how we […]
All the iOS devices released up until now are based on the ARM architecture. All the Objective-C code that we write while developing iOS applications is first converted into ARM […]
iOS Application Security Part 20 – Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)
In this article, we will look at the different ways in which applications can store data locally on the device and look at how secure these methods are.
We will […]
In this article, we will look at how we can use Introspy as a Python module in our scripts.
The first thing to do is to import the introspy module and […]
In the previous article, we looked at how we can use Introspy for Black-box assessment of iOS applications. In this article, we will look at how we can use […]