07Jan, 2014

Missing Security Features in Windows Phone 8

As I have spent some time researching and developing a WP8 application security testing methodology and process, I have come up with three key security features that are missing from Microsoft’s Windows Phone 8. From an offensive security perspective, these feature are good to have for testing but from an end user perspective, they are […]

30Dec, 2013

Preparing iOS 7 to test iOS apps

Now that evad3rs released evasi0n to jailbreak iOS 7 we may begin testing iOS apps on iOS 7! This post will cover the steps and tools to set up your jailbroken iOS 7 device for testing mobile apps. From the Cydia app on the device, search and install the following: OpenSSH MobileTerminal BigBoss Recommended Tools […]

26Dec, 2013

Hotmail & Basic Auth on iOS Mail App

Continuing my exploration of iOS Apps, I setup an email account with the iOS Mail App and Hotmail. The iOS Mail App will use whatever protocol it is configured to use to retrieve and send email. In this case, I chose Microsoft Hotmail. To capture traffic and see what is going back and forth, I […]

01Nov, 2013

iOS Stocks App

Following this week’s hype of HTTP Request Hijacking presented at RSA Europe 2013, I began experimenting with iOS apps that use HTTP instead of HTTPS. In this post I will summarize the presented attack vector and focus on the iOS Stocks App. Summary of HTTP Request Hijacking HTTP Request Hijacking should only work on apps […]