Brace yourselves: ATS is coming

Application Transport Security

Since HTTP is a plaintext protocol and therefore creates inherent security and privacy concerns when used by applications, Apple has decided that it is finally time to start treating the secure alternative, HTTPS, as the de facto web protocol for iOS mobile apps. At WWDC this year, Apple rightly pointed out that simply “enabling” HTTPS does not necessarily mean that you are secure. There are many ways in which HTTPS can be improperly configured, resulting in the use of insecure connections. »

Recent Tool Contributions

So recently I made a couple of minor contributions to online iOS tools. Whilst the contributions are tiny, it was my first experience of actually submitting merge requests to other tools. For this reason I thought I’d share them with you.

1. ipainstaller

One of the changes introduced in iOS 8 was that applications are laid out differently on the device. Essentially, the application exists as multiple containers spread out across the /private/var/mobile/ directory. »

Integrating Touch ID into your iOS applications

Image copyrights and trademarks belong exclusively to Apple.

# What is Touch ID?

Simply put, Touch ID is Apple’s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). Furthermore, as of iOS version 8.0, Apple opened Touch ID up to developers by making APIs available for use in the SDK.

### Biometric opinions

This post assumes you have performed your own risk assessment and are aware of the risks associated with biometric authentication technologies, and that you have decided that Touch ID is suitable for use in your application. »

Securi-Tay IV

So it’s that special time of year again when families come together. Well, the Abertay Hackers family does at least. Every year, the Abertay Hackers group run an information security conference called Securi-Tay, hosted at the University of Abertay, Dundee. Students and professionals from various different backgrounds descend on Dundee to listen to talented speakers, network with students and industry professionals and generally just have a good time (Scottish to English translation - enjoy the cheaper booze). »

Vulnerability Assessment Workshop

So I’ve been working on something pretty cool lately and I wanted to share some thoughts on it. TL;DR - I’m currently delivering a vulnerability assessment workshop at multiple UK universities with the aim of providing a realistic full day workshop on finding vulnerabilities, engaging with clients, and explaining the issues & guidance in a way that can be easily understood by the client. If you have contacts with, or you represent a university, please do get in touch with me at [email protected] »