BSides Bristol 2024

@CrackingtheCode, Track 1

Explore the ever-evolving landscape of mobile app testing, from fundamentals to advanced techniques. Witness real-world examples of vulnerabilities that led to an account takeover and other live demos. Unlock the secrets of mobile app testing and take your skills to the next level!
Are you curious about how mobile apps work and how to exploit them? If you share my curiosity, come listen in!

Overview

  • Basics of Mobile Apps: We'll cover the fundamentals of Android and iOS applications. This includes the architecture, application storage, key storage, and other essentials.
  • Pentesting Mobile Apps: Learn the basics of pentesting mobile applications. This involves identifying and understanding common vulnerabilities in applications and a brief overview of the MASVS methodology.
  • Live Demonstration: Watch a live example of testing an Android app during an engagement. The demos will showcase techniques to bypass SSL pinning and root detection using Frida scripts and reverse engineering an application.
  • Real-World Examples: Explore real-world scenarios where vulnerabilities led to complete account takeovers, focusing on insecure storage and exploiting mobile API endpoints.

What You'll Learn

  • Common Vulnerabilities: Identify common vulnerabilities in mobile apps through live demos.
  • Protection Strategies: Understand how to protect against these vulnerabilities.
  • Future Insights: Gain insights into the future of mobile app security.

Whether you're curious or just want to learn something new, this talk will offer valuable insights and live demonstrations on mobile app security.

I have over five years of experience in the industry as a pentester, managing engagements and leading teams. My recent focus has been on mobile app testing, a field that intrigues me deeply. I hold certifications such as GIAC Mobile Device Security Analyst (GMOB), Offensive Security Certified Professional (OSCP), and CREST Registered Penetration Tester (CRT). My publications include work on geofencing for UAVs and risks associated with remote work.

My passion and enthusiasm for sharing knowledge and inspiring others, especially women in the industry, have been key drivers in my career. I believe this talk will not only provide valuable insights but also motivate others to grow and excel in the field of mobile app security.

www.linkedin.com/in/vihangivagal