In association with heise online

17 April 2012, 16:27

Worth Reading: Securely using Webkit WebViews in smartphone apps

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Smartphone icon Many smartphone apps use WebKit WebViews to quickly and easily display HTML pages, but the open source browser engine can also be used to display entire user interfaces. The security specialists at MWR InfoSecurity regularly come across simple, avoidable security problems when testing apps. Because of this, they decided to put together a compact guide on how developers can securely integrate WebViews into their apps.

They started by analysing the iOS interface via iOS UIWebView; a guide for the Android equivalent is planned to follow. The security researchers offer specific tips on areas such as how to limit sites to being loaded from a pre-approved domain and what developers need to consider when using encrypted connections via HTTPS (SSL/TLS).


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit