MDSec Research
MDSec consultants are at the cutting-edge of technical security. One of the reasons is because we are helping to sharpen it with tools, techniques, and advisories. You will find details of our research here.
Advisories:
The following issues were discovered by MDSec consultants:
- CVE-2011-0204: Apple ImageIO TIFF Heap Overflow
- CVE-2011-1931: FFMpeg Out of Array Write in AMV Parsing
- CVE-2011-0194: Apple ImageIO TIFF Image Integer Overflow
- CVE-2010-1845: Apple ImageIO PSD Image Memory Corruption
Whitepapers:
iOS Application (In)Security: This whitepaper details some of the vulnerabilities identified by MDSec over the past year whilst performing regular iOS application reviews. |
|
Tools: |
|
|
OAP: A framework for automating Oracle database penetration tests (Release pending). |
|
|
iAuditor binary release: A semi-automated framework for penetration testing iOS applications. |
|
|
iAuditor source code: The github hosted source repository for iAuditor. |
|
Presentations |
|
|
Evaluating iOS Applications: OWASP, PricewaterhouseCoopers, Manchester |
|
|
iOS Application (In)Security: OWASP, Google, Dublin |
|
|
Beyond the OWASP Top Ten: OWASP, Google, Dublin |
|