AppSec Blog: Category - iOS

Secure Coding iPhone and iPad Apps Against MiTM

This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Many iOS applications use HTTP to connect to server-side resources. To protect user data from being eavesdropped, iOS applications often use SSL to encrypt their …


How Not to Store Passwords in iOS

The WordPress iOS App: I was looking for an open source iOS application and quickly came across the WordPress app. Once you log in to your WordPress blog via the app, your credentials are then stored on the device itself. If done correctly, this is not necessarily a bad thing. However, the WordPress app's implementation …


UI Spoofing Safari on the iPhone

This is the second in a series of guest posts from security researcher Nitesh Dhanjani. His first post was on Insecure Handling of URL Schemes in Apple's iOS. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Popular web browsers today do not allow …


Insecure Handling of URL Schemes in Apple's iOS

This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. In this article, I will discuss the security concerns I have regarding how URL Schemes are registered and invoked in iOS. URL Schemes, as Apple …