Account Takeover in Mobile Apps: How to Exploit Vulnerabilities


Erkan Kavas

MeetCyber

I am back with a new article. In this post, I will share some information on how to perform an account takeover in a mobile application.

As mentioned in previous posts, always carry out the reconnaissance phase for as long as you can. Spread it over several days and gradually work your way towards the mobile applications. This matters because bugs that have been fixed on the web side might still be present on the mobile side.

account takeover via several sources.

When mobile developers focus solely on the security of the application itself, the backend it communicates with through APIs can be left with significant vulnerabilities.

First, as a former mobile developer, I can say that mobile applications are not planned in the same way as websites. In mobile applications, most operations and checks are performed via APIs, and sanitization is often overlooked there. This is why you might encounter SQLi and XSS vulnerabilities in the API communication layer. However, don't ignore the account takeover risks in API communication either.

Now, let me talk about the multiple vulnerabilities I found in the mobile app of a cinema website that is visited by 15 million people each month.

If a mobile app has a membership system and does not use Firebase as a model, definitely start…
