Introduction
Recently, our iOS security team was looking for a security analysis tool, and we tested MobSF as one of our solutions. MobSF is a tool recommended by OWASP in its Mobile Security Testing Guide. It offers binary analysis, source code analysis, and dynamic analysis, but sadly dynamic analysis is only available on Android. MobSF has many security testing options and really great potential. There was one problem, though: it only supported Objective-C for iOS code analysis.
Introduction
When we are developing flawless and user-friendly applications that help people around the world in their daily lives, we need to remember a very important aspect: security. As engineers, we have to make sure that valuable data in our applications will not be compromised. We should, of course, follow good practices like communicating with our server via HTTPS and other common approaches. However, as Android developers, we also have to remember the other vulnerabilities that our applications face every day.

Android Jetpack Security

Introduction
Security is undoubtedly an important element in mobile applications, but unfortunately, doing everything correctly is a complex task. Recently, Google released its security-crypto library as part of the Jetpack components to ease the process of making apps more secure.

Certificate Pinning in iOS

Introduction
Certificate pinning is one of the basic security mechanisms of network communication. Every developer should be aware of it. The OWASP security organization includes it in their “General Best Practices” and “iOS Specific Best Practices”. This shows how important this topic is.
This article is part of a series:
Android Security Analysis Tools, part one - JAADAS
Android Security Analysis Tools, part two - DIVA app and AndroBugs
Android Security Analysis Tools, part three - Drozer and QARK
Android Security Analysis Tools, part four - MobSF

We present the last part of the series of blog posts dedicated to security analysis tools for Android apps. The tools discussed in the series were suggested by the OWASP Mobile Testing Guide (MSTG). In the previous parts we discussed JAADAS, AndroBugs, Drozer and QARK. This chapter will focus on MobSF, which is also suggested by MSTG. The main goal of the overview is to find the best tool that will also be the easiest to integrate with existing CI/CD stacks.
This article is part of a series:
Android Security Analysis Tools, part one - JAADAS
Android Security Analysis Tools, part two - DIVA app and AndroBugs
Android Security Analysis Tools, part three - Drozer and QARK
Android Security Analysis Tools, part four - MobSF

Welcome to the third part of the series of blog posts dedicated to security analysis tools for Android apps. The series focuses on the tools suggested by the OWASP Mobile Security Testing Guide (MSTG). In the first part we discussed the problem of security analysis and looked at the JAADAS framework. The second blog post was dedicated to an overview of the AndroBugs framework and the DIVA app as a benchmark for security testing on Android. In this chapter, we will focus on two tools: Drozer and QARK.
This article is part of a series:
Android Security Analysis Tools, part one - JAADAS
Android Security Analysis Tools, part two - DIVA app and AndroBugs
Android Security Analysis Tools, part three - Drozer and QARK
Android Security Analysis Tools, part four - MobSF

In the previous article, we began our exploration of security testing in Android applications. We started by discussing the testing problem and analyzing the first testing tools suggested by the OWASP Mobile Testing Guide (MSTG). In this chapter, we will focus on the next tool for static security analysis suggested by MSTG: AndroBugs.
This article is part of a series:
Android Security Analysis Tools, part one - JAADAS
Android Security Analysis Tools, part two - DIVA app and AndroBugs
Android Security Analysis Tools, part three - Drozer and QARK
Android Security Analysis Tools, part four - MobSF
Log entries are very important in a developer’s life. We use them to display useful information, errors, workflows or even to debug something. Logs are very helpful during the development process, but should we leave them in a production app?
Exposing information about the app
Every piece of information that we log can be a potential source of security issues!
Introduction
Nowadays, IoT sensors are almost everywhere, and they can sense information that may affect privacy or reveal something that wasn’t intended if it leaks. In particular, Wireless Sensor Networks (hereafter WSNs) are used extensively in many applications related to health monitoring, environmental monitoring, military purposes and home automation. Protecting privacy rights and the system itself from malicious attacks is vital for these kinds of applications because of the information they sense, plus their combined computational power. Unfortunately, since the individual sensors are limited in computational power and battery life, WSNs are not able to use traditional cryptographic algorithms to secure data transmission. That’s why other methods and algorithms must be designed and used for IoT systems.
Netguru Codestories | Security