This is part one of a three-part series looking at some security fundamentals for mobile developers.
We’ll be looking specifically at native iOS and Android, demonstrating some examples of common security issues and how to fix them.
In this part, we’re going to examine what information is generally stored by apps in clear-text on the mobile device. Like any computer, a mobile device needs to store information for applications to use. This can be stored in a number of ways such as text files or databases.
To be able to access this information we need to use a jailbroken or…
During my 12 or so years running penetration test companies I’ve had to quote for, and be responsible for delivering, thousands of tests. The spectrum of clients couldn’t be broader, from one-person startups to some of the biggest companies in the world.
I decided I wanted to create technology instead of always being the guy with the bad news and I now run a mobile development company. I wanted to share my security experience to help other companies understand best practices when hiring a security testing partner.
Here’s my insider’s guide to getting a pen test ⤵️
AWS CloudFront is a global content delivery network (CDN) which can be used to act as a robust web server for our React applications with very little configuration and zero maintenance.
This is a brief guide to hosting a site 👍
Building React For Production
From the CLI, issue the command “npm run build”. This should create a “build” folder containing our production assets.
Create An S3 Bucket
On AWS create an S3 bucket to host the code. Don’t worry for now about permissions as we’re going to let CloudFront set the permission later. …
A little configuration I add to all our web dashboards here at Dogtown Media (mobile app developer) which are hosted on CloudFront is to disallow search engines from indexing the site. A little security through obscurity on top of the real security. With CloudFront and Lambda this is quick and easy.
In CloudFront enable a Behavior with the Path Pattern
Mine looks like this:
The first step is to set up the Node.js script that replies to any request with:
This will inform search engines not to index the site.
I wanted to find a relatively cheap and easy way to wake my home PC remotely. I have remote access software but didn’t want to leave my PC running 24 hours a day so I could occasionally access it.
Enter the Particle Photon, a ~$19 WiFi-connected development board. The thing I like about this is they’ve already taken care of the back-end services. So for a quick home project where I just want to get it done, it’s a great fit.
The steps I took are as follows:
This is the technology surrounding the so-called 5th generation of mobile connectivity.
This is important as 5G should offer speeds up to 100 times faster than current mobile networks.
So this means you could potentially download a full-length HD movie in a matter of seconds through your phone. Bonkers.
With virtual reality, AI and IoT applications becoming even more bandwidth needy, this is a big deal. The landscape will change for app & game developers, home automation and numerous other industries.
Well potentially yes. It will depend on prices and availability. Personally I have one choice of Internet provider in…
One of the challenges for home automation developers has been how something sitting in your home network, which is presumably on a private network behind a firewall and hidden from hackers, can be readily available to a mobile app on a phone that could potentially be anywhere in the world.
When you receive the little plastic Internet box from your ISP, what you’re generally getting is a modem, router and firewall in one. The combination of these means you can be connected to the Internet but safely hidden from view. …
Previously I’ve talked about how the vulnerabilities exploited in the Mirai DDoS are remnants of the past, not a sign of the future. But at the same time, vendors creating IoT devices do need to think about security closely to make sure they’re not part of a future botnet. I’m fortunate to have a foot in both worlds as co-founder of app developers Dogtown Media and penetration testers Tiro Security, and have a fairly unique viewpoint as I get to play poacher and gamekeeper with IoT.
I thought I would give 10 practical IoT hardening tips for IoT companies. This…
For one reason or another, it’s a fairly common scenario for an organization to need to move developers. Often this transition is well organized; other times a zip file with no instructions turns up in your email. We want to try to preserve as much information as possible for the new developers to start work on the project.
This usually involves the old and new developers being in communication. But…
The majority of iOS developers are either in the process of learning or now fully developing in Swift.
I wanted to do a quick round up of the three most highly rated Swift iOS Charts libraries on incrediblecode.com. These were chosen on popularity, the variety of charts and functionality.
A great place to start is the popular and aptly named Charts, written in Swift for iOS, tvOS & OSX. It is worth noting, however, that the demo project is in Objective-C.
This library gives us 8 different chart types:
Line, Bar, Combined, Pie, Scatter, Candlestick, Bubble & Radar