Page 12: Browse more insights and updates from our blog archives. This page continues our expert content on security, research, and analysis.
NOTE: In 2020, a new talk will substantially improve this one to include an interesting third app and better explain the other ones. In late 2019, I had the privilege of giving a talk …
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …
Bully API, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-AUTH-1, Password Leak, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …
Android, Crypto, Government-Mandated Apps, Java, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] …
Android, Crypto, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, XOR
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] The OWASP Mobile Application Security Verification Standard classifies …
addJavaScriptInterface, Android, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-PLATFORM-7, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: …
Android, DeepSec, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG‑NETWORK‑2, Public Speaking, Smart Dream, Smart Sheriff, South Korea
Previous blog posts you might have missed and maybe you would like to read first for background: Part 1: Intro Part 2: Translating APKs The OWASP Mobile Application Security Verification Standard classifies the flaw …
Brucon, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-NETWORK-1, Public Speaking, Smart Dream, Smart Sheriff, South Korea, SSL, TLS
If you missed Hacking Mandated Apps – Part 1: Intro please start there for background 🙂 Translating APKs in beautiful exotic languages As explained in the intro, the team did not get access to the sources …
NOTE: This was all coordinated work with human rights activists, vulnerabilities were reported, findings public, and talk (below) given! 🙂 Is monitoring your children something your country’s government asks you to do? Do you feel …
With so many automated tools around it is no wonder that many organizations choose to automate some aspects of security testing. There is value in doing this, especially when we refer to fuzzing supervised …