
Mobile Security Framework (MobSF)

Mobile Weekly @ Umain
About the Mobile Security Framework, an open source automated pen-testing framework for mobile applications (Android and iOS) capable of performing end-to-end security testing of mobile apps.

Jackson F. de A. Mafra

June 02, 2023


Transcript

  1. Numbers, numbers, numbers… 81% of developers believe iOS standard security isn't sufficient. 84% of developers believe Android standard security isn't sufficient. 96% of developers still rely on operating system security. 36% of apps include anti-tampering security measures. https://www.guardsquare.com/state-of-mobile-application-security-report
  2. OWASP. The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. https://owasp.org/
  3. OWASP Mobile Application Security. Defines the industry standard for mobile application security. The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. https://mas.owasp.org/ https://mas.owasp.org/MAS_checklist/ https://github.com/OWASP/owasp-mastg/tree/master
  4. Man-in-the-middle attack. A man-in-the-middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/ https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  5. Man-at-the-end attack. A MATE attack happens in a setting where an adversary gains physical access to a device and compromises it by tampering with or inspecting the hardware itself or the software it contains, for example by uploading a malicious payload and modifying an IoT device's functionality. https://www.sciencedirect.com/science/article/abs/pii/S1084804514002379
  6. Runtime Application Self-Protection. Runtime application self-protection (RASP) is a security technology that is built or linked into an application or application runtime environment and is capable of controlling application execution and detecting and preventing real-time attacks.
  7. Runtime Application Self-Protection on Android. Android RASP (runtime application self-protection) features protect the app against several attack vectors at runtime:
     • Detection of rooted devices
     • Detection of emulators
     • Detection of attached debuggers
     • Detection of app repackaging
     • Detection of screen sharing (screen mirroring)
     • Blocking screenshots of app screens
     • Blocking screen readers from reading app screens
     • Tapjacking protection
     • Detection of HTTP proxy
     • Detection of VPN
     • Detection of usage of system screen lock
     • Obtaining Play Protect status
     • Changing app process name
     • Detection of ADB status
     • Detection of developer options status
     • Detection of biometry enrollment status
     • Detection of active call
     • Activity protection
     https://developers.wultra.com/components/malwarelytics-android/develop/documentation/RASP-Feature-Overview https://github.com/talsec/Free-RASP-Android
  8. Runtime Application Self-Protection on iOS. iOS RASP (runtime application self-protection) features protect the app against several attack vectors at runtime:
     • Jailbreak detection
     • Reverse engineering tools detection
     • Repackaging detection
     • Debugger protection
     • HTTP proxy detection
     • System passcode status
     • System biometry status
     • Screenshot captured event
     • VPN detection
     • Predefined and custom events
     https://developers.wultra.com/components/malwarelytics-apple/2.0.x/documentation/ https://github.com/talsec/Free-RASP-iOS
  9. Techniques for MAST. Mobile application security testing is a process that can serve many goals, but in the end it is always about hardening the application code and mitigating risks. Two techniques for testing an application are static analysis and dynamic analysis. Static analysis is a testing approach that looks at a code-based representation of an application, either through direct inspection of the source code or through decompiling the application and its resources for inspection. Dynamic analysis is an approach for analyzing an application at run-time. This can be especially useful for identifying behavioral differences between target platforms/runtimes while evaluating runtime behaviors or protections interactively.
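To make the static-analysis side concrete, here is an added example (not MobSF's code and not from the deck) that inspects a decompiled AndroidManifest.xml for a few of the weak settings a static analyser reports: a debuggable release build, backups left enabled, cleartext traffic allowed, and components exported without a permission. The manifest, the finding ids and the severities are constructed for this example.

```python
"""Minimal static check of an AndroidManifest.xml for common weak settings.

Added illustration of what a static analyser such as MobSF looks for; it is
not MobSF code. The sample manifest below is constructed for the example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest containing several weak settings.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:debuggable="true"
               android:allowBackup="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.demo.SYNC"/>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _is_exported(elem):
    """Pre-Android 12 rule: an explicit android:exported wins; otherwise a
    component that declares an intent-filter is exported by default."""
    exported = _attr(elem, "exported")
    if exported is not None:
        return exported == "true"
    return elem.find("intent-filter") is not None


def analyse_manifest(manifest_xml):
    """Return a list of findings; each is a dict with id, severity and detail."""
    root = ET.fromstring(manifest_xml)
    findings = []
    app = root.find("application")
    if app is None:
        return findings

    if _attr(app, "debuggable") == "true":
        findings.append({"id": "DEBUGGABLE", "severity": "high",
                         "detail": "android:debuggable=true allows a debugger to attach to the shipped build"})
    # allowBackup defaults to true, so absence of the attribute is also flagged.
    if _attr(app, "allowBackup") != "false":
        findings.append({"id": "ALLOW_BACKUP", "severity": "medium",
                         "detail": "android:allowBackup is not false; app data may be included in device backups"})
    if _attr(app, "usesCleartextTraffic") == "true":
        findings.append({"id": "CLEARTEXT_TRAFFIC", "severity": "medium",
                         "detail": "android:usesCleartextTraffic=true permits plain HTTP, weakening MITM resistance"})

    for kind in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(kind):
            actions = {_attr(a, "name") for a in comp.iter("action")}
            if "android.intent.action.MAIN" in actions:
                continue  # the launcher activity is expected to be exported
            if _is_exported(comp) and _attr(comp, "permission") is None:
                findings.append({"id": "EXPORTED_COMPONENT", "severity": "medium",
                                 "detail": f"{kind} {_attr(comp, 'name')} is exported without a permission"})
    return findings


if __name__ == "__main__":
    for f in analyse_manifest(SAMPLE_MANIFEST):
        print(f"[{f['severity']}] {f['id']}: {f['detail']}")
```

Run against a manifest pulled from a decompiled APK (apktool output, for instance) instead of the constructed sample; the exported-component rule deliberately skips the launcher activity, which has to be exported, and applies the pre-Android 12 default for components that omit android:exported.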
  10. What is dynamic analysis? At runtime, threat actors can employ a variety of techniques to analyze and modify the app. Today, it is easier than ever before for a malicious user to deploy various techniques like jailbreaking, rooting, hooking, and more in order to steal decryption keys, intercept communication to servers and more.
  11. Why is dynamic analysis a threat? Threat actors tamper with mobile apps for a variety of ends, such as to unlock hidden or premium functions, repackage apps to steal confidential data, or learn more about the application at runtime to support reverse engineering attempts.
  12. Penetration testing. Penetration testing, or pen testing, is the most common security starting point for mobile app development teams. It is a valuable way to get an initial outside assessment of your application when you don't have the time, tools, or security knowledge in-house to assess the security posture of an application.
  13. Burp Suite. Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. https://portswigger.net/burp/communitydownload https://www.kali.org/tools/burpsuite/
  14. What is MobSF? Mobile Security Framework is an open source automated pentesting framework for mobile applications (Android and iOS) capable of performing end-to-end security testing of mobile apps. It is hosted in your own environment: your application and data are never sent to the cloud. https://github.com/MobSF/Mobile-Security-Framework-MobSF/tree/master
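Because MobSF runs inside your own environment, the usual way to fit it into a pipeline is its REST API: upload the binary, trigger the scan, fetch the JSON report. The following is an added example, not MobSF's own client. The endpoint paths (/api/v1/upload, /api/v1/scan, /api/v1/report_json) and the Authorization header follow MobSF's REST API documentation, so confirm them against the version you deploy; the host, port and API key are placeholders, and the transport is injectable so the workflow can be exercised without a live server.

```python
"""Drive a self-hosted MobSF instance over its REST API.

Added example, not part of MobSF. Endpoint paths and the Authorization
header are taken from MobSF's REST API docs (assumed current; verify against
your installed version). The transport function is injectable so the
upload -> scan -> report sequence can be tested without a server.
"""
import json
import urllib.parse
import urllib.request
import uuid


def _urllib_post(url, headers, body, content_type):
    """Default transport: POST raw bytes and return the raw response body."""
    req = urllib.request.Request(url, data=body, method="POST")
    for name, value in headers.items():
        req.add_header(name, value)
    req.add_header("Content-Type", content_type)
    with urllib.request.urlopen(req, timeout=900) as resp:  # scans can take minutes
        return resp.read()


def _multipart(field, filename, content):
    """Encode one file as multipart/form-data, which the upload endpoint expects."""
    boundary = uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return head + content + tail, f"multipart/form-data; boundary={boundary}"


class MobSFClient:
    def __init__(self, base_url, api_key, transport=_urllib_post):
        self.base_url = base_url.rstrip("/")
        self.headers = {"Authorization": api_key}  # API key shown in the MobSF web UI
        self.transport = transport

    def _post(self, path, body, content_type):
        raw = self.transport(self.base_url + path, self.headers, body, content_type)
        return json.loads(raw)

    def upload(self, filename, content):
        """Upload an APK/IPA; the response carries the hash used by later calls."""
        body, ctype = _multipart("file", filename, content)
        return self._post("/api/v1/upload", body, ctype)

    def _form(self, path, fields):
        body = urllib.parse.urlencode(fields).encode()
        return self._post(path, body, "application/x-www-form-urlencoded")

    def scan(self, uploaded):
        """Start the static scan. Recent versions need only the hash; older ones
        also required scan_type and file_name, so all three are forwarded."""
        fields = {k: uploaded[k] for k in ("hash", "scan_type", "file_name") if k in uploaded}
        return self._form("/api/v1/scan", fields)

    def report_json(self, file_hash):
        return self._form("/api/v1/report_json", {"hash": file_hash})


def run_static_scan(client, filename, content):
    """Upload, scan and fetch the JSON report; returns the hash and the report."""
    uploaded = client.upload(filename, content)
    client.scan(uploaded)
    report = client.report_json(uploaded["hash"])
    return {"hash": uploaded["hash"], "report": report}


def count_by_severity(findings):
    """Tally a list of finding dicts that carry a 'severity' key. The JSON
    report's layout differs between MobSF versions, so pick the list you
    care about (e.g. manifest findings) and pass it in."""
    counts = {}
    for finding in findings:
        sev = finding.get("severity", "unknown")
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    # Placeholder deployment address and API key; replace with your own.
    client = MobSFClient("http://127.0.0.1:8000", "REPLACE_WITH_MOBSF_API_KEY")
    with open("app.apk", "rb") as fh:
        result = run_static_scan(client, "app.apk", fh.read())
    print("scanned", result["hash"])
```

Point it at the MobSF container on your network and the binary never leaves that host, which is the property the slide highlights; in CI, gate on the tally from count_by_severity rather than on the raw report so version-to-version report changes do not break the build step.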
  15. Books. The Mobile Application Security Testing Guide (MASTG), https://github.com/OWASP/owasp-mastg/tree/master, is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).