Category Archives: ssl

App security consultancy from your favourite boffin

Posted on 2012-05-30 by Graham

I’m very excited to soon be joining the ranks of Agant Ltd, working on some great apps with an awesome team of people. I’ll be bringing with me my favourite title, Smartphone Security Boffin. Any development team can benefit from … Continue reading →

Posted in Business, ssl, threatmodel | Comments Off

On SSL Pinning for Cocoa [Touch]

Posted on 2011-12-07 by Graham

Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in … Continue reading →

Posted in code-level, iPad, iPhone, ssl | 6 Comments

On the top 5 iOS appsec issues

Posted on 2011-05-20 by Graham

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading →

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

Category Archives: ssl

App security consultancy from your favourite boffin

On SSL Pinning for Cocoa [Touch]

On the top 5 iOS appsec issues

OOP the Easy Way

APPropriate Behaviour

APPosite Concerns

FSF