OWASP Top 10 for Objective-C


Insecure Communication

An insecure communication vulnerability allows an attacker to intercept, read and modify HTTP traffic to and from the backend servers.

Insecure Data Storage

When an Insecure Data Storage vulnerability exists, an attacker can access and modify unprotected sensitive application data. This vulnerability allows the attacker to bypass paywalls, manipulate application behavior and extract user personal information.

Insecure local SQLite Database

An insecure local database vulnerability allows an attacker to read, write and manipulate data in a locally stored SQL database. The attacker is able to extract sensitive user data, manipulate application features such as paywalls, and bypass logins.

Insecure URL Cache

An insecure URL cache vulnerability allows an attacker to access an application's URL cache database, which contains sent HTTP/S requests and received HTTP/S responses. Such HTTP/S requests and responses may contain sensitive data, such as credentials, tokens, and cookies, which can be used to take over user accounts.

Insecure URL Scheme

Without proper validation, an attacker can cause an application that supports custom URL schemes to perform unauthorized and malicious actions. Such actions can be triggered by an attacker who places a malicious custom URL scheme link on a website. Such an attack can cause an application to provide sensitive data to the attacker or call an attacker-owned premium number.

Keychain Persistence

A keychain persistence vulnerability causes sensitive data, such as credentials, to remain in the iOS keychain even after the removal of an application. An attacker is able to use such credentials by simply reinstalling the previously deleted application and accessing the user account.

Local Authentication

Credentials that are improperly stored in the iOS keychain can be retrieved by an attacker and used to take over user accounts.

Sensitive Data in Login Fields

Using auto-completion of login fields allows an attacker to log in to an application user account even if the authentication process is done through a remote server.

SSL/TLS Pinning

SSL/TLS Pinning provides protection against “Man In the Middle” (MitM) attacks by ensuring that HTTPS communication will be allowed only to specific secure servers.

Unprotected Application Access

An unprotected application access vulnerability allows an attacker to access an application that a user has already logged in to and is running in the background.
