This category includes analysis of the final core binary to determine its source code, libraries, algorithms, and other assets.

This category covers binary patching, local resource modification, method hooking, method swizzling, and dynamic memory modification.

This would be the catch-all for code-level implementation problems in the mobile client, which is distinct from server-side coding mistakes.

This is the "Security Decisions Via Untrusted Inputs," one of our lesser-used categories.

This is a category to capture any failures in authorization (e.g., authorization decisions on the client side, and forced browsing).

This category is for issues where cryptography was attempted, but it was not done correctly.

This category captures notions of authenticating the end user or bad session management.

This covers poor handshaking, incorrect SSL versions, weak negotiation, cleartext communication of sensitive assets, and so on.

This category covers misuse of a platform feature or failure to use platform security controls.