- Sven Schleier's Brain Dump Blog (Mobile AppSec Tech Blog)
- A 3-Part Mobile App Security Testing Checklist to Build Your Program
- Mobile App Session Replay & Its Privacy Impact
- How to Spot a Fake Android App
- How to Protect Mobile Apps from MiTM Attacks
- Peering Inside the Mobile Attack Surface
- How to Staff a Strong Mobile AppSec Team
- Think Twice Before Adopting Security By Obscurity in Kotlin Android Apps
- AppSec Threat Modeling: How to Map Your Mobile App Portfolio to OWASP MASVS
- How to Conduct Jailed Testing with Frida
- What to Look for When Reverse Engineering Android Apps
- Adventures in Remote Code Execution and Zip File Vulns — from Samsung and Vungle to ZipperDown
- Certificate Pinning and Hostname Verification: Don’t Get Pinned by a Mobile Man-In-The-Middle Attack
- A security analyst’s guide to NSAppTransportSecurity, NSAllowsArbitraryLoads, and App Transport Security (ATS) exceptions