
When developing a mobile app, there are no better cyber security guidelines to follow than the OWASP Mobile Top 10 Security Risks.

In the modern cyber security industry, you would be hard pressed to find people who haven't heard of the Open Web Application Security Project, or OWASP. They create written materials and tools to spread knowledge and help fight the various security vulnerabilities plaguing modern web applications, for large companies and startups alike.

In 2014 OWASP also started looking at mobile security. Their latest OWASP Mobile Top 10 was released in 2016 and is still very relevant. In this article, we will provide a brief overview of this vulnerability list for mobile platforms and look at what the future has in store for OWASP and mobile security in 2017.

Software is never made perfect, and developers can never account for everything. There will always be errors and oversights, some of them more prominent than others. Malicious perpetrators often exploit such vulnerabilities to gain control over the software in question. And while there is no way to eliminate every possible error, it is possible to protect your software from zero-day attacks and exploits by focusing your efforts and attention on the parts that matter. If you know how perpetrators find and use exploits, you can account for it and protect your software.

In this tutorial we will focus on the ever-prominent stack overflow exploits, describe the basics of ROP chains, and give some examples of how they work and how to build executables that defend against ROP attacks.

We hope that this will provide you some food for thought and become a stepping stone on your journey to writing more secure software in the future. And if you need a team of engineers with extensive experience in creating secure software, you can always contact Apriorit.

Nowadays, it is hard to imagine life without mobile devices. We use them everywhere to facilitate our lifestyle. They help us to communicate with each other, have fun, and even make purchases. We use them at home and at work. These devices accompany us during our business trips and vacations. Our children use them for educational purposes and for amusement. They are part of our daily lives.

A mobile device usually has some operating system (OS) installed on it. The OS allows us to perform basic operations with the device, namely make calls, send SMS, take pictures, surf the Internet, etc. The feature set of the OS can be expanded by installing additional mobile apps. They can store our settings, history, passwords and other sensitive data. They track our activity to detect our preferences. Apart from that, they transmit user data to a remote service endpoint for synchronization. Every action performed by such apps needs to be properly protected from potential data breaches.

Protection of the sensitive data stored on mobile devices is a hot topic. There are a huge number of apps that provide access to corporate (confidential) data, banking and payment tools, social networks and many other web services where user authorization is required. That is why it is very important for mobile app developers to care about data protection and build solutions with access security and credential protection in mind. For these purposes, Keystore API 18 brought native support for cryptographic operations to Android. It added the AndroidKeyStore provider, which allows you to:

  • Generate a new private cryptographic key or a key pair
  • Work with Keystore entries – retrieve the list of saved keys
  • Sign/verify data
  • Transfer responsibility for the safety of Keystore access to the operating system.

In this article, we will show how to use this technology in practice to build secure Android apps with user password encryption, and also how to support earlier Android versions by providing password protection through other technologies.

There are two types of Outlook plugins: COM and JavaScript. In this article, we will compare them by looking at the pros and cons of each.

We will also provide you with a practical example of a client-side Outlook plugin, written in JavaScript, that receives information about attachments and adds it to the body of the email. This can be used to check whether an email has the right files attached and whether it will be sent to the right people.

In this article, we will give a brief introduction to driver development for macOS, discussing the basics of kernel extension (KEXT) implementation. We will cover the typical tasks requiring kernel extensions, the tools and environment for their creation, and some aspects of this process.

Companies developing parental control or DLP solutions often require access to private data from software installed on Android devices. Messages from Skype, KIK, Viber, etc., or even browsing history, are good examples of such data. By default (and this is what is used most often for security reasons) all Android apps save data in a so-called sandbox – a storage area which other applications cannot access. And if an app doesn't provide an API to get the data (or simply place the data on a memory card where other applications can access it), then this data seemingly cannot be accessed. In this article I want to show one simple and fairly elegant way to access private data of third party applications.

Microsoft Windows Forms® (WinForms) is a library that allows you to develop rich applications with a graphical user interface (GUI). This library is a part of the .NET Framework. Therefore, a WinForms application can be developed in any .NET language (C#, F#, VB, etc.) and run on any platform supported by the .NET Framework. Not only can it run on Windows, but also on Linux or Mac OS X (see the Mono project). Thus, WinForms is considered multi-platform. However, it is a rather old technology. For new projects, consider using Windows Presentation Foundation® (WPF) instead.

One of the key features of the Qt framework is communication between objects via signals and slots. For Qt developers, this is a very convenient and organic way to do things, but the nature of the feature does not allow communication between objects located in different address spaces. Therefore, the need arose to create a library that would allow establishing communication between objects located in different processes, so that the user just needs to connect the signals and slots of these objects.

The result of this effort I called the QRpc library, and here is how it is applied and built.