OWASP Top 10 for Objective-C

Get Trained and Stay Ahead of Cybersecurity Threats with Our Vast Library of Application Security Training Content.

Insecure Communication

An insecure communication vulnrability allows an attacker to intercept, read and modify HTTP traffic from and to the backend servers.

Insecure Data Storage

When an Insecure Data Storage vulnerability exists, an attacker can access and modify unprotected sensitive application data. This vulnerability allows the attacker to bypass paywalls, manipulate application behavior and extract user personal information.

Insecure local SQLite Database

An insecure local database vulnerability allows an attacker to read, write and manipulate data in a locally stored SQL database. The attacker is able to extract sensitive user data, manipulate application features such as paywalls, and bypass logins.

Insecure URL Cache

An insecure URL cache vulnerability allows an attacker to access an application which a URL cache database, which contains sent HTTP/S requests and received HTTP/S responses. Such HTTP/S requests and responses may contain sensitive data, such as credentials, tokens, and cookies, which can be used to take over a user accounts.

Insecure URL Scheme

Without proper validation, an attacker can cause an application that supports custom URL schemes to perform unauthorized and malicious actions. Such action can be triggered by an attacker using a malicious custom URL scheme on websites that will trigger the abuse. Such an attack can cause an application to provide sensitive data to the attacker or call an attacker-owned premium number.

Keychain Persistence

A keychain persistence vulnerability causes sensitive data, such as credentials to remain in the iOS keychain even after the relation of an application. An attacker is able to use such credentials by simply reinstalling the previously deleted application and accessing the user account.

Local Authentication

Credentials that are improperly stored in the iOS keychain can be retrieved by an attacked and used to takeover user accounts.

Sensitive Data in Login Fields

Using auto-completion of login fields allows an attacker to login into an application user account even if the authentication process is done through a remote server.

SSL/TLS Pinning

SSL/TLS Pinning provides protection against “Man In the Middle” (MitM) attacks by insuring that HTTPS communication will be allowed only to specific secure servers.

Unprotected Application Access

An unprotected application access vulnerability allows an attacker to access an application that a user has already logged in to and is running in the background.

Ready to get started?

Experience the full Kontra platform and see what it can do for you and your team.

Get Your Free Trial

Almost There.

Are you ready to gain hands-on experience with the IT industry’s top tools, 
techniques, and technologies?

Take the first step and download the syllabus.

By clicking "Request Info," I consent to be contacted by ThriveDX, including by email, calls, and text messages, (including by autodialer or prerecorded messages) about my educational interests. I understand that my consent to be contacted is not required to enroll. Msg. and data rates may apply.

Contact (212) 448-4485 for more information. I also agree to the Terms of Use and Privacy Policy.

Download Syllabus

Let’s Talk

Download Syllabus

Apprenticeship Program

Apprenticeship Program

Let’s Talk

Access our Free OWASP Top 10 for Web

Enter your information below to join our referral program and gain FREE access for 14 days

Follow the steps below to get FREE access to our OWASP top 10 for Web course for 14 days

  1. Simply copy the LinkedIn message below
  2. Post the message on your LinkedIn profile
  3. We will contact you as soon as possible on LinkedIn and send you an invite to access our OWASP Top 10 for Web course


Make sure you confirm the tag @ThriveDX Enterprise after pasting the text below in your LinkedIn to avoid delays in getting access to the course.
tagging ThriveDX Enterprise on LinkedIn

Ready to Share?

Take me to now >

Contact ThriveDX Partnerships

[forminator_form id=”10629″]
Skip to content