Static Analysis
Check whether caching is enabled or disabled for the NSURLRequest in static analysis. The application may store HTTP Request / Response that might include sensitive information (such as Authorization Token).
Dynamic Analysis
Check the Cache.db in the App directory. That might store the HTTP Request / Response with sensitive information (such as Authorization Token).
References
https://books.nowsecure.com/secure-mobile-development/en/ios/avoid-caching-https-requests-responses.html
https://kunalgupta1508.medium.com/data-leakage-with-cache-db-2d311582cf23
Recommended Testing Guide
https://mas.owasp.org/MASTG/tests/ios/MASVS-STORAGE/MASTG-TEST-0052/
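
One way to run the dynamic check described in the post, as an added example that is not part of the original post: a Python script that searches every table of a Cache.db copy for credential-shaped values. The sample database is a constructed, simplified stand-in for a real Cache.db, and the patterns, URL and token values are assumptions.

```python
import re
import sqlite3
from pathlib import Path

# Credential-shaped byte patterns; extend with the token formats of the app under test.
PATTERNS = {
    "bearer": re.compile(rb"Bearer\s+[A-Za-z0-9._~+/=-]{8,}"),
    "jwt": re.compile(rb"eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*"),
    "token_field": re.compile(rb'"(?:access_token|refresh_token|password)"\s*:\s*"[^"]+"', re.I),
}

def scan_cache_db(path):
    """Return (table, column, rowid, pattern) for every credential-shaped value."""
    findings = []
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:  # scan every table, so no schema knowledge is needed
            cur = con.execute(f'SELECT rowid, * FROM "{table}"')
            cols = [d[0] for d in cur.description]
            for row in cur:
                for col, val in zip(cols[1:], row[1:]):
                    if isinstance(val, str):
                        val = val.encode("utf-8", "replace")
                    if not isinstance(val, bytes):
                        continue  # integers, NULLs, timestamps
                    for name, rx in PATTERNS.items():
                        if rx.search(val):
                            findings.append((table, col, row[0], name))
    finally:
        con.close()
    return findings

def build_sample(path):
    """Constructed stand-in for an app's Cache.db: simplified schema, fake tokens."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE cfurl_cache_response(entry_ID INTEGER PRIMARY KEY, request_key TEXT);
        CREATE TABLE cfurl_cache_blob_data(entry_ID INTEGER PRIMARY KEY, request_object BLOB);
        CREATE TABLE cfurl_cache_receiver_data(entry_ID INTEGER PRIMARY KEY, receiver_data BLOB);
    """)
    con.execute("INSERT INTO cfurl_cache_response VALUES (1, 'https://api.example.test/v1/me')")
    con.execute("INSERT INTO cfurl_cache_blob_data VALUES (1, ?)",
                (b"\x00Authorization\x00Bearer EXAMPLE-TOKEN-0001\x00",))
    con.execute("INSERT INTO cfurl_cache_receiver_data VALUES (1, ?)",
                (b'{"user":"demo","access_token":"EXAMPLE-0002"}',))
    con.commit()
    con.close()
```

Run `scan_cache_db` against a copy of the Cache.db pulled from a test device; an empty result list means none of the patterns matched, so a clean run is only as good as the patterns chosen.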