[Owasp-bayarea] [Hands-on Event] Mobile Application Security Testing

Prashant Kv kvprashant at owasp.org
Sat Oct 6 19:52:42 UTC 2018


Hi All,
We are glad to have Sven and Jeroen conduct a hands-on session for the OWASP Bay
Area chapter. This is a concise session of their AppsecUSA training.
Please fill the form to confirm attendance:

Topic:- Mobile Application Security Testing
Date: Monday, October 15th | 6:00PM - 8:00PM
Venue: Demisto, 10061 Bubb Road, Ste 300, Cupertino, CA 95014

Form:- https://goo.gl/forms/mji0K9FppHPqX5AG2

Talk Description:
Introduction to MASVS and MSTG
Demo of analysing apps using MobSF and show how it works
Showcase with Vulnerable Android App
Showcase with Vulnerable iOS App (show also limitations as no class-dump
possible with Swift, only with Objective-C)
Introduction of the other tools: MobSF, Drozer, needle, idb
Demo of Android App with Frida, Crackme Level 1,
https://github.com/OWASP/owasp-mstg/tree/master/Crackmes#uncrackable-app-for-android-level-1

Show setup for pentesting of Android and iOS Apps
Show analysis of traffic for Android and iOS
Show how to analyse Xamarin Apps (as proxy setting is bypassed in iOS and
Android)
Repackaging an Android App
Demo with non-jailbroken iPhone
Demo to bypass SSL Pinning in iGoat with objection
Demo to bypass TouchID in an app with objection
Demo to analyse local storage in an app with objection

Pre-requisites:
Docker installed on participant's laptop
Python 3 and pip3 installed on participant's laptop
Optionally: have iOS with a jailbreak installed to play around during iOS
demos
Do the installation homework
Install objection, burp (community edition)

Sven Schleier
Vantage Point Security, Managing Principal, Singapore
Sven is an application security expert with over 8 years of hands-on
experience in web and mobile penetration testing, network penetration
testing and source code review and is leading the penetration testing team
for Vantage Point in Singapore.
He is an experienced Security Architect and Application Security subject
matter expert that has supported and guided software development projects
for Web Application, iOS and Android Apps during the whole SDLC.
He is one of the core project leaders and authors for the OWASP Mobile
Security Testing Guide, he has created the OWASP Mobile Hacking Playground
and is the project leader of the OWASP Mobile Application Security
Verification Standard. Bernhard Mueller and Sven presented their work
during the OWASP AppSec EU 2017 in Belfast and were also organising and
executing the Mobile Security Workshop at the OWASP Summit 2017 in London.
Sven is giving workshops about Web and Mobile Application Security and Burp
Suite Professional to developers, security champions, penetration testers
and students.

Jeroen Willemsen
Principal Security Architect at Xebia, Netherlands
Jeroen is a passionate hands-on security architect with a knack for mobile
security and security automation. He has spent over 5 years as a full-stack
developer and has worked as a (security) architect and risk manager. He
likes giving training courses about anything software quality and/or
security related: from threat-modelling to mobile hacking, from
cloud-security to security automation. His aim is to help anyone to create
better & secure software.
He worked with large banks, fintechs and with scaleups, startups & small
companies in various other fields.

Again, please fill the form to confirm attendance:
Form:- https://goo.gl/forms/mji0K9FppHPqX5AG2

Regards
Prashant