Android App Security Workshop
Android Application Penetration Testing Training is intended for students/professionals who are interested to make career in Mobile application penetration testing domain. It involves decompiling, real-time analysing and testing android application from security point of view. This training covers understanding the internals of android app, Real-time testing of android applications and some OWASP Mobile Top-10 security issues like Insecure logging, Unintended data leakage, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality.
WHO THIS TRAINING IS FOR
Students interested in Mobile Security
IT Professionals working in Android Development domain
IT professionals working in Information Technology-Security domain.
A detailed understanding of the Android Application internals
A clear understanding of the Android Application Penetration Testing
Ability to analyse an Android Application from a Security Standpoint
Understanding of multiple security tools to be used for Mobile Pentesting
Custom made VM’s
Updated Toolset of softwares/applications used for Mobile Pentesting
Laptop with minimum 30 GB Hard Disk Space & 6GB RAM with administrative privileges
Updated Virtual-box installed
2 Functional USB Ports
TABLE OF CONTENT
Introduction to Android
Android Security Architecture
Android Permission Model
Setting up Mobile Pentest Environment
Android Application Architecture
Bypassing Android Permissions
Dynamic and static analysis of the application
Insecure Data Storage
Poor Code Quality
Trainer 1: Nikhil P K is a Security Engineering Lead at IGS-India" and an International Security Trainer. His area of interest includes Web Application Penetration Testing, Mobile Application Security and Machine Learning. He has presented his talks at International and National level Conferences and meets such as Nuit Du Hack Paris, OWASP AppSec, Cocon International Cyber Policing and Security Conference, DEFCON Bangalore Chapter, Null Open Security Meet Bangalore, Null Open Security Meet Mysore. He is also a Bug Bounty Hunter and has been listed and Acknowledged in the Hall Of Fames of Companies such as Microsoft, Apple, Adobe, Nokia, Engine Yard and AVIRA Antivirus.
Trainer 2: Asha Muniyappa is a Mobile application security researcher. She is a CEH certified professional and is responsible for innovating the mobile app security assets to ensure secure delivery of mobile apps. Her expertise is in Application Security, with key research areas of interest including Mobile Apps, Hacking. She is passionate to learn new techniques for attacking mobile apps and have been researching on performing attack simulations on the apps to determine and exploit security flaws.
Modern iOS App Pentesting And Security for Fun and Profit
Is your product or application has a mobile app? Do you use any of AWS services? Are your product security engineers working on mobile application security? Looking for information about the importance of mobile app security? If your answer is yes to any of these questions, then this talk is for you!
This hands-on session will discuss recent case studies of critical findings in iOS apps and also help to address important issues as encryption key management, authentication issues along with OWASP Top 10 for Mobile (iOS). This training will focus on Pentesting both Objective C and Swift iOS Applications.
Macbook with Xcode (10.1) Installed
Training Contents (not limited to)
Introduction to iOS App Security
iOS Bug Bounty Case Studies
iOS Pentesting Lab Setup
Approach for Objective C and Swift App Pentesting
Reverse Engineering and Binary Analysis
Exploiting iOS Local Data Storage
Exploiting Broken Cryptography
Exploiting Cloud Misconfigurations
Runtime Analysis of iOS Apps
Frida for iOS Pentesting
Analyzing iOS Network Traffic
iOS Secure Coding
WHO SHOULD ATTEND?
Mobile Application Pentesters
Bug Bounty Hunters
iOS Application Developers
People interested to start into Mobile security
End to end iOS App Pentesting
iOS Secure Coding
iOS reverse engineering, runtime analysis
Encryption key management, Defending crypto attacks
Designing secure iOS applications
Trainer 3: Swaroop Yermalkar works as Lead Security Engineer and has authored the popular book “Learning iOS Pentesting” (https://goo.gl/T8jvjJ). Swaroop also lead an open source project - OWASP iGoat (https://igoatapp.com/) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy), Synack.inc. He has given talks and workshops at many security conferences including AppSec Israel, AppSec USA 2018, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify. You can reach out to Swaroop at @swaroopsy.
Trainer 4: Shilpa Ranganatha is an iOS application security researcher. She is a CEH certified professional and is responsible for innovating the mobile app security assets to ensure secure delivery of mobile apps. She is keen to expand her horizons and constantly strives to find zero-day vulnerabilities in client applications.
*Note: Registration details will be shared with Trainers and Sponsors
The registration is closed. However, all the events and workshops are on first come first serve basis. Please reach the venue early to grab your spot.