All systems and database administrators will agree that password complexity does not go very far when it comes to SQL servers. Whether this is done to keep troubleshooting simple for support staff or it is simply a matter of underestimating the risks, it doesn’t really matter. What matters is […]
In this article, we will look at the checks a developer can incorporate in his application to check whether the device on which the application is running is jailbroken or not. Checking whether a device is jailbroken or not can have many advantages for your application. As we have […]
In the previous articles, we have looked at how we can use debuggers and tools like Cycript to do runtime analysis and manipulation of IOS Applications. We have looked at how we can modify the actual implementation of a method during runtime by changing the values in the registers […]
In this article, we will look at how we can use GDB to perform runtime analysis of IOS applications. In the previous articles, we have looked at how we can use Cycript to analyze and manipulate the runtime behaviour of IOS applications. We have learnt how we can perform […]
This article introduces Burp Suite Intruder and shows how it can be used for SQL injection fuzzing.
2. Burp Suite Intruder
It is a part of Burp Suite, which is an integrated platform for website security testing . Burp Suite Intruder is helpful when fuzzing for vulnerabilities in web applications.
All the IOS devices released uptil now are based on the ARM architecture. All the Objective-C code that we write while developing IOS applications is first converted into ARM assembly before being converted to machine code (1s and 0s). With good understanding of the ARM assembly language and with […]
In the previous article, we discussed how the sudden increase in the use of web services makes it an important attack vector. Also, we covered different components of web services, different elements of WSDL, their uses, where to start, and how to perform penetration testing.
In this article we will […]
IOS Application Security Part 20 – Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)
In this article, we will look at the different ways in which applicatons can store data locally on the device and look at how secure these methods are.
We will be performing some of these demonstrations in a sample app that you can download from my github account. For the […]
A phone used to be a simple device you would make phone calls with. It could have your contact list, or even a log of recent contacts, but that was about it. The idea of security when it came to a mobile phone wasn’t high on many people’s priority […]
Cross-site scripting (XSS) is one of the most dangerous and most often found vulnerabilities related to web applications. Security researchers have found this vulnerability in most of the popular websites, including Google, Facebook, Amazon, PayPal, and many others. If you look at the bug bounty program closely, most of […]
Abbreviated as WP, Windows Phone is a new Smartphone operating system developed by Microsoft in order to succeed the old Windows Mobile. This “new” operating system may potentially be the major mobile platform in next few years. Windows Phone is still a young proprietary mobile operating system, which can […]
In this article, we will look at how we can Introspy as a python module in our scripts.
The first thing to do is to import the introspy module and Namespace from argparse module.
We then create an instance of the Introspy class. The arguments that we need to provide are […]
Web application security is quite popular among pen testers, so organizations, developers and pen testers treat web application as primary attack vector. And, as web services are relatively new as compared to web applications, it is considered a secondary attack vector. Due to a lack of concern or knowledge, […]
Abbreviated as WP, Windows Phone is a new Smartphone operating system developed by Microsoft in order to succeed the old Windows Mobile, and this “new” operation system will be potentially the major mobile’s platform in next few years. Windows Phone stills young proprietary mobile operating systems which mean its […]
In the previous article, we looked at how we can use Introspy for Black-box assessment of IOS applications. In this article, we will look at how we can use Introspy to set up our own custom signatures and detect them in an application trace. Setting up our own predefined […]
Web application security is quite popular among the pen testers. So organizations, developers and pen testers treat web applications as a primary attack vector. As web services are relatively new as compared to web applications, it’s considered as secondary attack vector. Due to lack of concern or knowledge it […]
In the previous article, we looked at how we can perform static analysis of IOS Applications using iNalyzer. In this article, we will look at how we can use iNalyzer to perform runtime analysis of IOS applications. We can invoke methods during runtime, find the value of a particular […]
Now days, smartphones and tablets are most the popular gadgets. If we see recent stats, global PC sale has also been decreasing for the past few months. The reason behind this is that people utilize tablets for most of their work. And there is no need to explain that […]
In the previous article, we looked at how we can use Sogeti Data protection tools to boot an iDevice using a custom ramdisk with the help of a bootrom exploit. In this article, we will look at a tool named iNalyzer than we can use for black box assessment […]
In Part 1 of the article we have discussed about the iPhone application traffic analysis. Part 2, Part 3, and Part 4 covered in-depth analysis of insecure data storage locations on the iPhone. Part 5 covered runtime analysis basics with Cycript. In this part we will take a look […]