With organizations continuing to build and enhance their mobile applications and developers embracing new ways of building applications to improve the speed to market and customer experiences, billions of dollars are invested in Appsec tools. However, 85% of these applications still contain known vulnerabilities, and most breaches occur at the application layer. Automated DAST helps in combating such vulnerabilities.

Dynamic Application Security Testing (DAST) is an advanced testing method that tests the production environment and analyzes application security at runtime. This type of black box testing identifies real-world vulnerabilities externally without much need for insights into the product provenance of any single component. By simulating real-world attacks in your system, DAST identifies critical security gaps that other vulnerability assessments and static methods might miss.

This article provides a detailed guide on successfully integrating Swagger UI into web applications using EmberJs as the Javascript framework and Webpack as the module bundler. We will cover the step-by-step process, including any challenges encountered along the way and how we resolved them. For those unfamiliar with Ember Js or Webpack, we have included introductory sections to get you up to speed. If you’re already familiar with it, feel free to skip directly to the integration steps.

Businesses have gone mobile-first, and with good reason—people are spending more time and more money on their phones than ever before. For instance, in 2023, an estimated 66% or 2/3rds of all online orders were made from mobile devices. And in 2024, businesses are expected to spend $402 billion on mobile advertising. Mobile apps have become the first choice for users for their online activities in banking, e-commerce, media streaming, social media, etc.

If you have ever jailbroken an iOS device, you have likely encountered many things that we will discuss today. Let's start with one of the most commonly used terms that gets thrown around: iOS tweaks. There are plenty of them out there, depending on the needs - whether for fun or profit, simple or complex - ranging from making your lock screen look fancy to running your banking app on a jailbroken device.

Before end-to-end (E2E) testing frameworks, the software development industry struggled with fragmented and inefficient testing methods. Testing was manual, labor-intensive, and prone to human error, which limited testing coverage and left many critical issues undetected until later stages of development. This manual approach relied heavily on developers and testers executing test cases by hand, leading to substantial inefficiencies and incomplete test coverage.

Zimperium's Global Mobile Threat Report found that unique mobile malware samples grew by 51% in 2022. According to Anne Neuberger, the US Deputy National Security Advisor for Cyber and Emerging Technologies, the annual average cost of cybercrime will reach over $23 trillion in 2027. The threat landscape and the cost of ignoring security are increasing. It is no longer advisable to just be reactive but proactive in maintaining the security of mobile devices.

SQL injection vulnerabilities may affect any website or application that employs an SQL database, such as MySQL, Oracle, SQL Server, or others. Malicious actors may use them to gain unauthorized access to sensitive information, such as customer information, personal data, trade secrets, and more. For example, SQL injections were responsible for 23% of global vulnerabilities in 2023, Moreover, 19% of the internet faces cross-site scripting (stored) attacks.

You might already know a fair bit about r2frida by now - its definition, usage, features, installation, and examples - something we discussed in the previous blog of this series. In case you missed out on it, you can find it here. In this blog, we will explore how r2frida can be instrumental in manipulating an iOS app's runtime.

In iOS app security, the ability to seamlessly blend static and dynamic analysis capabilities is paramount. One tool that stands out in this domain is r2frida. This unique tool combines the robust binary analysis functionalities of Radare2 with the dynamic instrumentation features of Frida, creating a potent toolkit for dissecting iOS applications and fortifying their security posture.