Code Security Guidelines for Java/Android and iOS

Secure Coding Practices - Quick Reference Guide

The OWASP Java™ and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Java frameworks and JVM-based technologies for web application development, on OWASP components that use Java, and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security-related guidance for system administrators managing Java and JVM-based applications and tools.

The project is not limited to Java. It aims to also address topics around the JVM in general.

Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.

OWASP Java Homepage
OWASP Java Guidelines (PDF)


iOS Application Security Testing Cheat Sheet

This cheat sheet provides a checklist of tasks to be performed when testing an iOS application.

When assessing a mobile application, several areas should be taken into account: client software, the communication channel and the server-side infrastructure.

Testing an iOS application usually requires a jailbroken device (a device that does not pose any restrictions on the software that can be installed on it).

OWASP iOS Cheat Sheet
