Mobile App Hacking In A Nutshell
•
2 likes•238 views
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
Mobile App Hacking In A Nutshell
- 1. Mobile App Hacking In A Nutshell presentation at Mobile Conf 25 Aug 2018, BKK, Thailand Content is available under Creative Commons Attribution-ShareAlike unless otherwise noted. Mobile app hacking in a nutshell Prathan Phongthiproek 2600 Thailand
- 6. What is Mobile app ?
- 7. Attack Surface on Web Application
- 8. Attack Surface on Mobile Application
- 9. Why does it matter ?
- 15. Patch Them All - Android
- 16. Patch Them All - iOS
- 17. Is secure channel enough ? SSL/TLS
- 18. The SSL Pinning Rises
- 20. Manipulating request/response over secure channel SSL/TLS
- 21. Attacking on API
- 22. Mobile Application Hacking Diary Ep.1 https://www.exploit-db.com/papers/26620/ Internet
- 24. Quick Wins !! o Secure coding and configuration practices (e.g. OWASP) on server-side: • REST Security Cheatsheet • Authentication Cheatsheet • Session Management Cheatsheet • Cryptographic Storage Cheatsheet • Password Storage Cheatsheet • Transaction Authorization Cheatsheet • Access Control Cheatsheet o SSL Pinning Implementation(End-to-end encryption is preferred) o Code Obfuscation
- 26. Thank you init 0