Typestatus for non jailbreak

8/1/2023

OWASP Architectural Principles That Prevent Code Modification or Reverse Engineering.

You can learn more about principles and technical risks of reverse engineering and code modification in these OWASP documents:

Integrating some of the controls into your app might increase the complexity of your app and even have an impact on its performance.

The goal is to discourage reverse engineers from performing further analysis. Apps should combine these measures cleverly instead of using them individually.

Apps must never use these measures as a replacement for security controls, and are therefore expected to fulfill other baseline security measures such as the rest of the MASVS security controls.

These measures should be applied as needed, based on an assessment of the risks caused by unauthorized tampering with the app and/or reverse engineering of the code. Research shows that many App Store apps often include these measures. This chapter covers defense-in-depth measures recommended for apps that process, or give access to, sensitive data or functionality.
MASVS Group: MASVS-RESILIENCE

iOS Anti-Reversing Defenses: Overview