Introduction to Android Application Exploitation

Workshop covering the basics of Android Application Pen-testing and Exploitation

Shruthi Kamath

@shruthikamath

The OWASP Mobile Top Ten

Submitted Aug 2, 2015

This section covers the top 10 vulnerabilities of mobile

Outline

The top 10 covers the following:

M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections

Requirements

Hardware:

Laptop with admin privileges.
Minimum 10 GB of free space.
Minimum 4 GB RAM.
Any of the following Operating Systems:
a. OS X
b. Win 7 and above
c. Ubuntu

Software:

1. Participants must have VM Player or VirtualBox installed on their machines.
2. The vulnerable APKs will be shared at the venue.

Speaker bio

Apoorva Giri

Apoorva works as a Security Analyst with iViZ Security (a Cigital company). She is the co-founder of InfoSec Girls, a community that aims to encourage more women to enter the domain of Information Security. She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014 at Kochi, Kerala. She’s an active member of Null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application. She is currently working on Mobile Application security.

Her contact information is below:

Email id: apoorvagiri19@gmail.com | Twitter: @cedricfanapoo | Website: https://infosecgirls.in

Shruthi Kamath

Shruthi works as a Security Analyst at Infosys Limited. She is the co-founder of InfoSec Girls. She is a certified Ethical Hacker from EC Council. She’s an active member of Null/OWASP Bangalore Chapter. She is passionate about learning new things. Her interest in InfoSec lies in web application security. She has spoken at security conferences like c0c0n and null meets. She has been a part of Jailbreak NULLCON 2014. She presented a talk on “Cybercrimes in India and its Mitigation” at the National Conference for Women Police held at Trivandrum.

Email id: shruthikamath30@gmail.com | Twitter: @shruthikamath30 | Website: https://infosecgirls.in

Hosted by

droidconIN is an annual conference on Android, part of the worldwide series of events.