marcofolio.net - Archives (juin 2019)

design, jquery, programming, webdevelopment, fun, php, html, css, javascript

Le: 10 06 2019 à 17:08 Auteur: Marco

If you like tools like SonarQube to continuously check your code quality and you’re a Xamarin developer that wants to make sure their app is secure, you’ll love the Xamarin Security Scanner. The Scanner finds security vulnerabilities by analysing the source code, also known as Static Application Security Testing (SAST). Xamarin Security Scanner on Github The Scanner is inspired by Quick Android Review Kit (QARK), a tool created by LinkedIn to look for several security related Android application vulnerabilities. Take note that the Scanner only finds security vulnerabilities in Xamarin.Android. Xamarin.Forms and Xamarin.iOS aren’t supported yet. The tool reports the following issues: Certificate validation overwritten Permissions may not be enforced Unsafe cipher mode used External storage is used Hardcoded HTTP URL found JavaScript enabled in WebView JavascriptInterface is added to a WebView Logging was found Access to phone number WorldReadable file found Backups are enabled App has debugging enabled App supports outdated Android version App contains a private key When the Scanner finds one (or more) of the above issues, it’ll provide you with a clear output on where you can find the issue. You can exclude certain vulnerabilities as well, if you supply a reason why you don’t think

The post Introducing: The Xamarin Security Scanner appeared first on Marcofolio.net.