[Owasp-leaders] Battle of the cyber warrior:Testing OWASP SeraphimDroid against nasty malware

johanna curiel curiel johanna.curiel at owasp.org
Fri Mar 18 02:49:37 UTC 2016


Hi Nikola

My excuses if I didn't send the report sooner. Indeed I just did and I have
to gather some info on the device. As I user I'm clueless what kind of
information should I provide, but I guess the logs as the report was send
will do this, right? Let me know if this is the case.

I'll attempt install and uninstall.

Keep in mind this is no former test but just blogging about my experience
as an user and experimenting a little, by no means people reading the blog
should see this as a former QA testing procedures or the similar.

Basically I'll install malware on this device, one that will be under a
controlled environment attempting to send info to the C&C

I'll sniff the communication and check how does the project protect me
against this type of attacks to the phone,what kind of warnings are given,
basically report my user experience.

cheers

Johanna

On Thu, Mar 17, 2016 at 10:37 PM, Nikola Milosevic <
nikola.milosevic at owasp.org> wrote:

> Hello Johanna,
>
> Can you tell me a bit more about your device and Android version you are
> using? Also, when was it tested and have you sent the crash report?
>
> I have tried to uninstall and install again the app on my Nexus 5 and it
> works well, so definitely it is not some version in a store that should not
> be there. I am not claiming it does not have any bugs, but what you have
> experienced should not happen.
>
> Also, I would appreciate and probably other leaders as well whose project
> you would be testing, if you could report the problem directly to me or via
> bug tracking platform on Github. I believe writing a blog post with so
> tendentious title and without any details about a problem is a bit unfair.
> Especially, claiming to contact support in a post was false, since I have
> no record of you contacting neither me, nor anyone else who worked on a
> project.
>
> Anyway, the fact is that this should not happen and I would love to help
> you resolve your issue and be able to work with the app.
>
>
>
> Pozdrav/Best regards,
>
> Nikola Milošević
> OWASP Seraphimdroid project leader
> nikola.milosevic at owasp.org
> OWASP - Open Web Application Security Project
> <https://www.owasp.org/index.php/Main_Page>
> OWASP Seraphimdroid Project
> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
>
> On Fri, Mar 18, 2016 at 2:14 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Leaders,
>>
>> This is a first attempt to use OWASP projects in a real scenario and
>> report my experiences
>>
>> This information will be posted in a blog site I'm working on about my
>> experience testing OWASP projects with real implementations, application,
>> devices and projects
>>
>>
>> http://cybersecuritywarrior.blogspot.com/2016/03/testing-owasp-seraphimdroid-against.html
>>
>>
>> Please feel free to comment
>>
>> Cheers
>> --
>> Johanna Curiel
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160317/e4f86d63/attachment.html>


More information about the OWASP-Leaders mailing list