Tag Archives: Audit

iOS and Android application code audit

Playing with Android Studio and iPhone simulator this week, to get an application ready for source code review without having to release the code itself.

As usual the code within android is a bit messy, whilst iOS code is absolutely clean and easy to read. What I expected.

Running the android emulator without Intel HAXM acceleration is horribly slow.
No problems an absolute comfort on iOS with Xcode on the other side. (admitted that iOS code is being compiled to native x86, so this is quite an unfair comparison)

https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/iOS_Simulator_Guide/Introduction/Introduction.html
https://developer.android.com/tools/devices/emulator.html

Wrote a F5 Networks BigIP ASM Audit Tool

https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-1-what-is-the-asm

Today I spent some time to write an automatic audit tool to
crosscheck various configuration parameters within F5’s
Application Security Manager on their BigIP Loadbalancer.

In addition to daily config change diffs which are monitored in subversion, now IPv6 typos will be reported, missing iRules for certain services detected, assigned ASM policies per vServer and assigned certificates checked.

Also expiration times of SSL certificates reported, amongst a few other things.

Very useful now.
This should have been done within the box itself.