Code Security Guidelines for Java/Android and iOS

Secure Coding Practices - Quick Reference Guide

The OWASP Java™ and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Java frameworks and JVM based technologies for web application development, on OWASP components that use Java and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security related guidance for system administrators managing Java and JVM based applications and tools.

The project is not limited to Java. It aims to also address topics around the JVM in general.

Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.

OWASP Java Homepage
OWASP Java Guidelines (PDF)

IOS Application Security Testing Cheat Sheet

This cheat sheet provides a checklist of tasks to be performed when testing an iOS application.

When assessing a mobile application several areas should be taken into account: client software, the communication channel and the server side infrastructure.

Testing an iOS application usually requires a jailbroken device. (A device that not pose any restrictions on the software that can be installed on it.)

OWASP iOS Cheat Sheet

Comments

Most Favorite Posts

Dark Theme (Dark Mode) in Android WebViews, WKWebViews and CSS

So your apps just implemented a shiny new dark theme and it’s looking 👌 There are lots of benefits to having a dark theme in your application, and having it consistent throughout your application allows for a great user experience. But what happens when the the user runs into a WebView in your app? Support: if (WebViewFeature.isFeatureSupported(WebViewFeature.FORCE_DARK)) { ... } Set: WebSettingsCompat.setForceDark(webView.settings, WebSettingsCompat.FORCE_DARK_ON) Current setting: val forceDarkMode = WebSettingsCompat.getForceDark(webView.settings) Joe Birch Assuming your question is asking how to change the colors of the HTML content you are displaying in a WKWebView based on whether light or dark mode is in effect, there is nothing you do in your app's code. All changes need to be in the CSS being used by your HTML content. CSS dark mode via :root variables, explicit colors and @media query: :root { color-scheme: light dark; ...

Server-driven UI (SDUI): Meet Zalandos AppCraft and AirBnB Lona

A short WTF: Joe Birch: SERVER DRIVEN UI, PART 1: THE CONCEPT Zalando seems to follow the SDUI principle as well - defining a common design language and construct the screens on the backend while displaying them natively on the clients. They even go one step further; they implemented a mighty toolset to enable non-technical stakeholders to define their own native app screens Compass: Web tooling to create screens and bind data Beetroot: Backend service that combines the screen layout definition with the data Lapis/Golem: iOS/Android UI render engines Crazy cool! Good job, guys (when you do an open-source release?) To even move faster a Flutter based UI render engine implementation was great! See also AirBnB Lona SDUI approach Building a Visual Language Why Dropbox sunsetted its universal C++ mobile project and AirBnB its React Native implementation

Apple Contact Addresses from Promotions, App of the Week and Re

App Store Promotions AppStorePromotion@apple.com App of the Week AppoftheWeek@apple.com Redemption Code request (for online/offline marketing) AppStoreCodes@apple.com

UIDeviceOrientation vs. UIInterfaceOrientation

We stumbled upon a bug in one of our apps: - rotate the Homescreen to Landscape - go to some other screen - put the device on the table and go back - the homescreen is all messed up This behavior was similar with some other View controllers. The problem was in the viewDidAppear where the Interface should be rotated to Layout or Portrait- the UIDevice Orientation was used ( [UIDevice currentDevice].orientation ) an when you put the device on the Table the orientation of the Device is always "UIDeviceOrientationFaceUp". The Problem is that the Device Orientation could be FaceUp in Portrait AND Landscape mode so for this use-case this doesn't give you the proper information. instead determining the orientation by: UIDeviceOrientationIsLandscape([UIDevice currentDevice].orientation) you should do this (at least in View controllers) and use the interfaceOrientation property: UIInterfaceOrientationIsLandscape(self.interfaceOrientation)

Alpha Apps vs. App Unbundling

Aktuell wird viel über das Modell der "Alpha Apps" und "App Unbundling" gesprochen. Hier kurz eine Übersicht und meine 5 cents: Alpha Apps Die chinesische App WeChat geht noch weiter: Neben einem Messenger, vergleichbar mit WhatsApp, bietet sie einen Lieferdienst à la Lieferando, die Möglichkeit etwa das eigene Konto zu checken (wie sonst bei der Bank-App) und gleichzeitig die Chance etwa Promis zu folgen, wie es Twitter bietet. Solche Alpha-Apps können dadurch verschiedene Aspekte und Möglichkeiten des Internets verbinden und werden so zum idealen Zugangsportal zum Netz – so wie traditionell der Browser am Computer. Den Tod des Browsers bedeutet das aber noch lange nicht. Der Browser ist tot, es lebe der Browser! Wirtschafts Woche App Unbundling Unbundling steht für das Unterteilen von Apps oder verschiedener Funktionen in mehrere, eigenständige Applikationen. Aber nicht jede Unbundling Aktion wird positiv von Usern aufgenommen. Facebook Messenger ...

Unidirectional Data Flow Architecture (Redux) in Swift

In this post, I try to explain why using Redux with Swift is better idea [than MVVM]. What is Redux and Unidirectional Data Flow? Redux is a flux implementation but slightly better implementation, it makes your application’s state more predictable. It first came out in Javascript world as a predictable state container for JavaScript apps with the powerful javascript library React. Redux, simply makes your application’s state in single store object. So firing an action from your application/in view’s lifecycle state changes and your reducers for that action generate a new state. Seyhun Akyürek at Medium Replacing Redux in Swift with something better Being a fantastic framework for development doesn’t come without a cost. Every time you update internal state in Redux, the entire interface re-renders. This isn’t a huge deal in most cases. But eventually you might have a situation where one update to state needs to be instantaneous (like using the keyboard shortcut to move f...

I show you mine if you show me yours first - Our current Android and iOS Stack

Something from our internal WeltN24 native apps lab: We just setup a new app from scratch, which puts us in the nice position of incoroporating the latest frameworks an pattern. We go for a Reactive and MVP approach. Please find below some details. I would be happy to hear about your choices - please leave a comment! Android iOS OS Android 4.1 (4.0.3+) API Level 16 iOS 8 Language Kotlin 1.0, with fallback to Java where necessary Swift 2.1.1 Pattern Reactive & MVP Reactive and MVVM Libs AndroidRx Dagger 2 Retrofit 2 Dbflow Glide Crashlytics JW-Player Gson Interstellar Dependency Injection (custom) JW-Player Alamofire JW Player realm.io Carlos BrightFutures ObjectMapper (custom) Testing JUnit Mockito / PowerMock & Hamcr...

Apple Sneaks A Big Change Into iOS 5: Phasing Out Developer Access To The UDID

Apple is making a lot of big changes to its mobile operating system with iOS 5, which is dribbling out in betas for developers ahead of a general release later this year. But there is one big change some developers are just starting to take notice of that Apple isn’t talking about that much. In a recent update to the documentation for iOS 5 (which is only available to registered Apple developers, but a copy was forwarded to me), Apple notes that it will be phasing out access to the unique device identifier, or UDID, on iOS devices such as iPhones and iPads. TechCrunch Solution A: UIDevice-with-UniqueIdentifier-for-iOS-5 Brings back the unique identifier support under iOS 5, it uses the device's mac address in combination with the bundle identifier to generate a new hashed unique identifier. gekitz GitHub Alternate Solution B: Appsfire Announces Open Source UDID Replacement For iOS: OpenUDID It is based on the NSProcessInfo (see globallyUniqueString), but may change ...

iOS & Android Development

Search This Blog