Thursday, 12 September 2013

The mobile application's role in web application security audits

Modern web projects also have mobile applications.
In the client-server model a mobile application is a client, just like a browser.
The server is the web application: PHP, Java, RoR or code on another platform.

Mobile applications talk to the server just like a browser does, because the HTTP(S) protocol is so widespread.

Thus, when we talk about a security audit of a web application as server-side code, we must also check the parts that interact with mobile applications, not only those that interact with browsers.

To understand how a mobile application communicates with the application server (which requests it sends, which URLs and parameters it uses), it is necessary to examine the mobile app itself.

The simplest and most reliable way to do this is to intercept the traffic on the network the mobile application uses to send requests to the application server. This may be a Wi-Fi network, or your own network card if the application runs in an emulator.

But recently we found another, easier way to collect the links left in the code by the developers of mobile applications. This method is an excellent complement to the first option, traffic interception.

The free online service hackapp.com lets you perform a security check of iOS mobile apps, including collecting the links found inside them.
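The static side of this technique, collecting endpoints and stray secrets from the app package, can be done locally as well. The script below is an added example, not code from hackapp.com or the original post; it relies on the fact that IPA and APK files are zip archives, scans every member for URLs and PEM private-key headers, and runs against a small constructed package so an auditor can see what such a scan of their own build would report.

```python
"""Scan a mobile app package (IPA/APK, both zip archives) for embedded URLs and private keys."""
import io
import re
import zipfile

# URL pattern restricted to characters legal in a URL, so it stops at binary junk or whitespace.
URL_RE = re.compile(rb'https?://[A-Za-z0-9._~:/?#\[\]@!$&\'()*+,;=%-]+')
# PEM header of the common private-key formats that end up bundled by mistake.
KEY_RE = re.compile(rb'-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----')


def scan_package(data: bytes):
    """Return (urls, key_files): sorted unique URLs and the member names that contain a private key."""
    urls, key_files = set(), []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            blob = zf.read(info.filename)
            urls.update(m.decode('ascii', 'replace') for m in URL_RE.findall(blob))
            if KEY_RE.search(blob):
                key_files.append(info.filename)
    return sorted(urls), key_files


def build_sample_package() -> bytes:
    """Constructed sample standing in for an IPA: a binary with two URLs and a bundled key (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('Payload/Example.app/Example',
                    b'\x00\x01junk https://api.example.test/v1/login?user= junk'
                    b'\x00http://cdn.example.test/update.plist\x00')
        zf.writestr('Payload/Example.app/Info.plist', b'<plist>...</plist>')
        zf.writestr('Payload/Example.app/keys/server.pem',
                    b'-----BEGIN RSA PRIVATE KEY-----\nMIIE...(constructed)\n-----END RSA PRIVATE KEY-----\n')
    return buf.getvalue()


if __name__ == '__main__':
    urls, keys = scan_package(build_sample_package())
    print('Endpoints to include in the server-side audit:', *urls, sep='\n  ')
    print('Members containing private keys:', *keys, sep='\n  ')
```

Every URL reported is a server-side route that the web application audit must cover, and any member listed under private keys is a finding on its own.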

A few examples:
http://hackapp.com/open#8f311762063d536ca6353b3b5ab4d02d
Samsung mobile print application:


This information can also help auditors during penetration testing.

But sometimes this service surprises us with a startling discovery, for example private keys!
http://hackapp.com/open#e9e5b174f4955cb4993fbf3393460005
Samsung (again) SmartTangoTalk application:
Enjoy!
