“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder,”How (in)secure can these apps be?” Well… at Troopers 19, you can learn how to answer this question yourself!
In our 2 day long “Hacking mobile applications” workshop, we teach how to find security vulnerabilities in mobile apps, exploit them and defend against them. We start from scratch, therefore no prior experience in hacking or developing mobile apps is required. Whether you want to learn how to pentest mobile apps, you are an app developer that fancies to secure his/her apps, or just curios, our workshop is a jumpstart to your goal.
Throughout the workshop, we build the mentality of hacking mobile apps. We explain the top 10 vulnerability categories of mobile apps. Then, we introduce different methods to locate them, such as dynamic testing, analyzing data storage, code analysis and doing magic with Frida. The workshop covers the three main types of mobile apps: Android, iOS and web mobile apps. We explore Android and iOS apps in their respective environments to understand how to apply the aforementioned methods to hack them. As for web mobile apps, we touch aspects of web applications’ security and their similarities with those of mobile apps.
The workshop is full of exercises and demos. We introduce powerful tools that we use in our daily job to pentest mobile apps, and that you will use to hack vulnerable test apps. Tools will be delivered to the attendees in a Virtualbox virtual machine, therefore please make sure that Virtualbox is installed and working on your computer. We provide our attendees with mobile devices during the workshop hours to practice the exercises, so they do not need to worry about risking their own devices.
You can check out the agenda and get more information about the workshop here .We are looking forward to seeing you in Troopers 19 🙂
Ahmad & Florian