Monthly Archives: May 2011
The OWASP Mobile Top 10 Risks for iOS Developers
The OWASP Mobile Top 10 Risks is an overview of a generic list of the most common risks found in mobile applications. We see these risks in mobile applications every day. When we see them, they often show up as vulnerabilities in the applications we are assessing. No list such as this can adequately cover [...]
androidAuditTools : Dynamic Android analysis tools
Project is hosted on GitHub: https://github.com/wuntee/androidAuditTools. When taking the SANS reverse engineering malware class, the two analysis techniques taught are dynamic and static. These concepts/techniques are directly applicable to any sort of reverse engineering. When I am assessing or pen-testing an application, I usually separate my thought process into one of those two buckets. During dynamic analysis of a [...]
Hijacking NFC Intents on Android
Google IO had a “How to NFC” session today where they demoed and described using NFC on Android. One of the items they pointed out was the desire to use NFC for instant gratification and zero-click interactions. The only default application on the Nexus S that I’ve seen this in before today was Google Maps, [...]
BeaCon
Last weekend Corey, Zach, and I went to BeaCon, organized by MassHackers. This was one of the most fun and interesting conferences I’ve been to this year, and I know other people there felt the same way. It was cool to talk in front of such an approachable and lively group of people and overall [...]

