Logging – Mobile Application Penetration Testing #6
Welcome back to the long awaited next entry in Brackish Security’s Mobile Application Penetration Testing series. When conducting mobile application penetration testing, inspecting logs on iOS and Android is a crucial step in understanding how an app behaves, particularly in how it handles sensitive data, error handling, and debugging information. Log files can provide insight […]
More MobSF – Mobile Application Penetration Testing #3
Mobile Application Penetration Testing
Mobile Application Penetration Testing – #2 – MobSF Intro
If you haven’t read the previous entry in the Mobile Application Penetration Testing series, check it out. In this post we will start in with a frequently use mobile application security tool – MobSF. This is a tool that you’ll pretty much want to use on every mobile test that you do. As said before, […]
Mobile Application Penetration Testing – #1 – Getting Started
Welcome to the first of many parts of our series on Mobile Application Penetration Testing. We wanted to write this series because it seems like a lot of the material out there on mobile application penetration testing is out of date, wrong, or lacking. Furthermore, when it comes to mobile application penetration testing, there are […]
Certification Pinning and Root Detection: Helpful but Not Unhackable
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely […]
Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR […]
OWASP Mobile Application Security Testing Guide (MASTG)
Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data, securing them against potential attacks is of utmost importance. The Open Web Application Security Project […]
