The iOS Security Testing Framework. Needle is the MWR's iOS Security Testing Framework, released at Black Hat USA in August 2016. It is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.
The release of version 1.0.0 provided a major overhaul of its core and the introduction of a new native agent, written entirely in Objective-C. The new NeedleAgent is an open source iOS app complementary to Needle, that allows to programmatically perform tasks natively on the device, eliminating the need for third party tools.
Needle has been presented at and used by workshops in various international conferences like Black Hat USA/EU, OWASP AppSec and DEEPSEC. It was also included by ToolsWatch in the shortlist for the Top Security Tools of 2016, and it is featured in the OWASP Mobile Testing Guide.
- BlackHat Arsenal USA 2016
- OWASP AppSec USA 2016
- BlackHat Arsenal EU 2016
- BlackHat Arsenal USA 2017
- DEEPSEC 2016