Fragments 2017

A conference on the mobile ecosystem in India


Mobile AppSec From an Attacker's Perspective

Submitted by Abhisek Datta (@abhisek) on Tuesday, 5 September 2017

Section: Full Talk

Technical level: Intermediate

Abstract

This primer talk sets the context for a wider discussion on mobile app security, with some background on web application security. It briefly introduces participants to the tools and techniques available in the arsenal of a potential attacker, with the objective of spreading security awareness. This will allow participants to avoid common security issues during coding and to design apps that are more secure. The expectation is that developers who are quite technical will be able to come up with their own mitigation strategies if they know and understand the attacker's approach.

The talk will cover a few case studies of how mobile apps can be used as entry points into a larger solution consisting of backend applications and services. It is a common practice to assume that credentials or open web service endpoints hardcoded in a mobile app will not be discovered. We will show how trivial it is to extract such information from an app through static analysis.
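As an added illustration of the static-analysis point above (not code from the talk or the speaker), the following Python script is a pre-release check that opens an APK as a ZIP archive and flags embedded endpoints and credential-like strings in every entry. The rule patterns, function names and the in-memory sample archive are assumptions constructed for this example.

```python
import io
import re
import zipfile

# Illustrative rules only (an assumption); a real audit uses a larger rule set.
RULES = {
    "endpoint": re.compile(r"https?://[\w.:/?#&=%~+-]+"),
    "credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|passw(?:or)?d|token)\W{1,4}([\w+/=-]{8,})"),
}
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # binary XML, resources.arsc


def printable_strings(data):
    """Printable runs in a blob: ASCII, plus UTF-16LE as used in binary XML."""
    yield from (m.decode("ascii") for m in ASCII_RUN.findall(data))
    yield from (m.decode("utf-16-le") for m in UTF16_RUN.findall(data))


def scan_apk(fileobj):
    """Return sorted (entry, rule, value) findings for every file in the archive."""
    findings = set()
    with zipfile.ZipFile(fileobj) as apk:
        for name in apk.namelist():
            for text in printable_strings(apk.read(name)):
                for rule, pattern in RULES.items():
                    for m in pattern.finditer(text):
                        value = m.group(1) if pattern.groups else m.group()
                        findings.add((name, rule, value))
    return sorted(findings)


def build_sample_apk():
    """Constructed stand-in for a release build; all names and values are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("assets/config.json",
                   '{"api_key": "CONSTRUCTED0123456789", "timeout": 30}')
        z.writestr("classes.dex", b"dex\n035\x00\x01\x02\x03"
                   b"https://staging.example.invalid/v1/admin\x00\xff\x10")
        z.writestr("res/xml/net.xml",
                   b"\x03\x00\x08\x00" + "password=ConstructedPw123".encode("utf-16-le"))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print(*scan_apk(build_sample_apk()), sep="\n")
```

Anything this check reports is equally visible to anyone who downloads the app, so findings belong in server-side configuration or a revocable, narrowly scoped credential rather than in the shipped binary.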

Outline

TBD

Speaker bio

Abhisek has over 10 years of experience conducting security research and delivering security services, including penetration testing, source code review and expert training. He is Head of Technology at Appsecco, where his core focus is building security automation tools and techniques. He has also conducted multiple mobile app penetration tests and proposed solutions to enhance the security of mobile apps for corporate clients.

He is an active vulnerability researcher with multiple CVEs credited to his name, including CVE-2015-0085, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117 and CVE-2014-6113.

As an open source software contributor, he has developed or contributed to multiple projects including:

  • Wireplay – TCP Session Replay and Fuzzing Tool
  • Penovox – Generic Hidden Code Extraction using Dynamic Binary Instrumentation
  • HiDump – Injected Code Extraction Tool for Windows Malware Analysis
  • RbWinDBG – Pure Ruby Windows User Space Debugger
  • Ruby-Libnet – Ruby binding for Libnet library

Comments

  • Jeff Schell 28 days ago (edited 28 days ago)

    That is a comprehensive talk. He has over 10 years of experience. The talk covers a lot of useful information to know.