Automated Static and Dynamic Security Analysis of Mobile apps

Bengaluru | Jun 14th 03:30 - 05:00 PM | Jupiter | 50 Interested

This workshop covers mobile application security testing techniques, comprising different security bypass methods and the automation of static and dynamic analysis of mobile apps.

Below are some of the techniques and tools that will be used to demonstrate mobile application security.

  • Root detection bypass
  • SSL Pinning bypass
  • Static Security Analysis using MobSF and Burp Suite
  • Miscellaneous vulnerabilities in Mobile applications
 
 

Outline/Structure of the Workshop

  • Challenges in Mobile apps security
    • Mobile app-level attacks are becoming common nowadays. We will discuss how to overcome these
    • A big hurdle for penetration testers is intercepting mobile app traffic when SSL pinning and root detection are enabled
  • How to bypass SSL pinning and root detection
    • We will be covering Xposed framework and its modules
  • Use of tools for Static and Dynamic Analysis
    • How to use Drozer, MobSF and other security tools

Learning Outcome

The audience will get hands-on experience of automating mobile app security assessments and of various bypass techniques, and will learn which open source tools are available and how to use them.

Target Audience

Security enthusiasts, beginners, manual and automation QA engineers

Prerequisites for Attendees

  • Knowledge of mobile applications.
  • Bring your own laptop with the required tools/software installed

Submitted 1 year ago

Public Feedback


    • Justin Ison
      Sr. Software Engineer
      Applitools
      1 year ago
      Sold Out!
      45 Mins
      Demonstration
      Beginner

      In today’s agile world the time to market is becoming increasingly shorter. There is a constant desire to release ASAP to keep ahead of the competition and to please users with updated/new features. Because of this, we have less time to fully do manual and exploratory testing of our apps. Especially, when you consider all the combinations of OS's, Locales, Accessibility, Orientations & Resolutions apps support. Running anywhere from 1 to 100's of Appium crawler bots (covering all of those combinations) at once we can discover more issues quickly and efficiently without having to write a line of code.

      UI Automation also has its limitations as it only tests for expected results. Crawler bots test the unexpected, by collecting metadata such as logs, app strings, screenshots, memory and reporting back their findings for review so we can test all these combinations quickly and more efficiently. In this talk, I will go over the current challenges we face in today's development world, why we need more tools to help us keep pace, and cover how you can build your own Appium crawler.

      I've open sourced this tool and it is available here for everyone to use: https://github.com/isonic1/Appium-Native-Crawler

    • Bruno Alassia

      Bruno Alassia - Go beyond the software, automate hardware scenarios on Android Emulators

      Bruno Alassia
      Sr. Software Engineer
      SauceLabs
      1 year ago
      Sold Out!
      45 Mins
      Talk
      Intermediate

      Explore the limits Appium can help you achieve to control the Android Emulator behavior. Automate network emulation, receive fake SMS and phone calls, change the battery states and levels and a lot more, all using real-life test cases. What happens to my app if I lose connection? How does my UI react to an incoming phone call? And more.

      https://slides.com/vrunoa/appium-conf-2019#/

      https://github.com/vrunoa/appium-conf-2019

    • Eran Kinsbruner

      Eran Kinsbruner / Uzi Eilon - Future-Proofing Testers in the Age of AI, ML, and Bots

      45 Mins
      Talk
      Advanced

      We're all hearing the buzzwords of AI, machine learning, chatbots, and next-generation testing. Does this mean that the days of traditional testing as we know and practice it are over? Eran Kinsbruner doesn't think so. Join him to learn about the clear transformation happening toward smarter testing techniques and tools. These approaches will drive better pipeline efficiency and release velocity with high quality, and Eran thinks this means good things for the testing practice and practitioners. You'll discover the key trends that are happening around AI, machine learning, and bots in the web and mobile landscapes, and get the ability to identify some early adopters who are taking the lead in these domains. Learn some key requirements and skills that are required for a test engineer to shift toward the future of automation, as well as the changes testers will need to undergo in order to become future leaders in this space.

    • Andrew Murphy

      Andrew Murphy - Leadership is a choice. So make it!

      45 Mins
      Talk
      Intermediate

      There's a huge problem in our industry, I call it "inertia-driven leadership".

      We promote our "rock star" engineers, with their excellent technical skills, into leadership positions; then we sit back and watch as they fail.

      We wonder why they fail at leadership but the answer is simple, we don't support them to improve their people skills!

      In fact, we often don't even help them realise that the role of a "senior developer" is drastically different to that of a "leader".

      What can we do to stop inertia in our new leaders?

      How can we support them to learn the soft skills they need?

      How can we position with them that those soft skills are important to their career?

      That is what we will discuss in this session.