Questions tagged [webview]

The tag has no usage guidance.

2 votes
1 answer
932 views

Isn't HTTPS enough to prevent MITM in mobile apps? Why is SSL Pinning needed?

I am making a webview that is going to be part of a native iOS and Android app, I implemented the webview using HTTPS as a protocol, and developed my NodeJS app there. But the security team from where ...
gtbono
  • 713
0 votes
0 answers
134 views

Understanding the Webview (html) code coming from the server

I am using an Android app downloaded from the Play Store and wanted to know whether the app uses Webview. So, I tried intercepting the network calls with the help of Charles (proxy) and I found out that ...
Nikhil_Coder
1 vote
1 answer
912 views

Is this URL verification with startsWith secure?

I would like to know if this code is secure to validate that a URL is from my domain before loading it in a webview in Android: if (!url.startsWith("https://www.example.com/test/")){ // don't load ...
Neolex
  • 394
1 vote
1 answer
155 views

What is the impact of controlling the content of a webview in Android?

I'm learning Android application pen testing and I'm kinda lost about what an attacker who controls the content of a webview can do? I guess if there is no JavaScript enabled there is no impact, ...
Neolex
  • 394
1 vote
1 answer
7k views

How would someone XSS into a WebView?

There are several articles about XSS vulnerabilities in Android/iOS WebViews. By WebView I mean the 'real' webview not SFSafariViewController or Chrome Custom Tabs. I understand the main concept of ...
Tafel
  • 111
0 votes
1 answer
2k views

Why does my Cordova app contain an SQLite file with credit card tables?

We have created a mobile app that includes a view for payment with credit cards. We have used Cordova so we can publish our app for Android and iOS. During some tests an SQLite file was found on /...
Elo
  • 3
1 vote
0 answers
2k views

HTTP security headers for native and webview based mobile applications

OWASP Security Headers Project recommends the following security headers for web applications. Out of the following which headers are relevant to mobile applications? HTTP Strict Transport Security (...
Shiv Sahni