Automated Static and Dynamic Security Analysis of Mobile apps

This workshop covers mobile application security testing techniques, comprising different security bypass methods and the automation of static and dynamic analysis of mobile apps.

Below are some of the techniques and tools we will use to demonstrate mobile application security.

  • Root detection bypass
  • SSL Pinning bypass
  • Static Security Analysis (Manual and Automated)
  • Dynamic Security Analysis using MobSF and Burp Suite
  • Drozer - Intent bypass
  • Use of APK analyzer and APK editor
  • Miscellaneous vulnerabilities in Mobile applications
 
 

Outline/structure of the Session

  • Challenges in Mobile apps security
    • Mobile app level attacks are becoming common nowadays. We will discuss how to overcome these
    • Intercepting mobile app traffic is a big hurdle for penetration testers when SSL pinning and root detection are enabled
  • How to bypass SSL pinning and root detection
    • We will be covering Xposed framework and its modules
  • Use of tools for Static and Dynamic Analysis
    • How to use Drozer, MobSF and other security tools

Learning Outcome

The audience will get hands-on experience of automating mobile app security assessments and of various bypass techniques, and will learn which open source tools are available and how to use them.

Target Audience

Security enthusiasts, beginners, manual and automation QA engineers

Prerequisite

  • Knowledge of mobile applications
  • Bring your own laptop with the required tools/software installed

Submitted 4 weeks ago

Comments

  • Sai Krishna
    By Sai Krishna  ~  3 weeks ago

    Hi Raveendar/Rajesh,

    Thanks for your submission. 

    1. Will you be able to include some of the techniques and tools around iOS applications, like:

    * Reverse engineering iOS applications

    * Decrypting App Store binaries

    * Identifying insecure storage

    2. Do you plan to do a live demo?

    • Rajesh Kumar
      By Rajesh Kumar  ~  2 weeks ago

      Hi Krishna,

      Surely; we will also cover the above techniques mentioned by you and perform a live demo.

      • Srinivasan Sekar
        By Srinivasan Sekar  ~  1 week ago

        Thanks, Rajesh, for your response. Will you be able to cover everything in 45 mins, including a live demo and Q&A?

        • Rajesh Kumar
          By Rajesh Kumar  ~  1 week ago

          Hi Srinivasan,

          I doubt it. Can we increase the time to 1:30 hours?

          • Sai Krishna
            By Sai Krishna  ~  6 days ago

            Hi Rajesh,

            In such a case, can this be a candidate for a workshop?

            • Raveendar Reddy Anugu
              By Raveendar Reddy Anugu  ~  6 days ago

              Hi Sai,

              Sorry for the late response. I have updated it to a workshop (90 mins).

              • Sai Krishna
                By Sai Krishna  ~  5 days ago

                Thanks, Raveendar. Can this be an interactive session? If it's a workshop then we need to spend time on attendees' system setup.

                • Rajesh Kumar
                  By Rajesh Kumar  ~  1 day ago

                  Hi Sai,

                  Yes, we will be conducting a workshop for Android tools and bypass techniques. We will list out the prerequisites and tools before the session.


  • Liked Justin Ison

    Justin Ison - Appium Native Application Crawler

    Justin Ison
    Sr. Software Engineer
    Microsoft
    1 month ago
    Sold Out!
    45 Mins
    Demonstration
    Beginner

    In today’s agile world the time to market is becoming increasingly shorter. There is a constant desire to release ASAP to keep ahead of the competition and to please users with updated/new features. Because of this, we have less time to fully do manual and exploratory testing of our apps. Especially, when you consider all the combinations of OS's, Locales, Accessibility, Orientations & Resolutions apps support. Running anywhere from 1 to 100's of Appium crawler bots (covering all of those combinations) at once we can discover more issues quickly and efficiently without having to write a line of code.

    UI Automation also has its limitations as it only tests for expected results. Crawler bots test the unexpected, by collecting metadata such as logs, app strings, screenshots and memory, and reporting back their findings for review so we can test all these combinations quickly and more efficiently. In this talk, I will go over the current challenges we face in today's development world, why we need more tools to help us keep pace, and cover how you can build your own Appium crawler.

    I've open sourced this tool and it is available here for everyone to use: https://github.com/isonic1/Appium-Native-Crawler

  • Liked Eran Kinsbruner

    Eran Kinsbruner / Uzi Eilon - Future-Proofing Testers in the Age of AI, ML, and Bots

    45 Mins
    Talk
    Advanced

    We're all hearing the buzzwords of AI, machine learning, chatbots, and next-generation testing. Does this mean that the days of traditional testing as we know and practice it are over? Eran Kinsbruner doesn't think so. Join him to learn about the clear transformation happening toward smarter testing techniques and tools. These approaches will drive better pipeline efficiency and release velocity with high quality, and Eran thinks this means good things for the testing practice and practitioners. You'll discover the key trends that are happening around AI, machine learning, and bots in the web and mobile landscapes, and get the ability to identify some early adopters who are taking the lead in these domains. Learn some key requirements and skills that are required for a test engineer to shift toward the future of automation, as well as the changes testers will need to undergo in order to become future leaders in this space.

  • Liked Bruno Alassia

    Bruno Alassia - Go beyond the software, automate hardware scenarios on Android Emulators

    Bruno Alassia
    Sr. Software Engineer
    SauceLabs
    1 month ago
    Sold Out!
    20 Mins
    Talk
    Intermediate

    Explore the limits Appium can help you achieve to control the Android Emulator behavior. Automate network emulation, receive fake SMS and phone calls, change the battery states and levels and a lot more, all using real-life test cases. What happens to my app if I lose connection? How does my UI react to an incoming phone call? And more.

  • Liked Andrew Murphy

    Andrew Murphy - Leadership is a choice. So make it!

    45 Mins
    Talk
    Intermediate

    There's a huge problem in our industry, I call it "inertia-driven leadership".

    We promote our "rock star" engineers, with their excellent technical skills, into leadership positions; then we sit back and watch as they fail.

    We wonder why they fail at leadership but the answer is simple, we don't support them to improve their people skills!

    In fact, we often don't even help them realise that the role of a "senior developer" is drastically different to that of a "leader".

    What can we do to stop inertia in our new leaders?

    How can we support them to learn the soft skills they need?

    How can we position with them that those soft skills are important to their career?

    That is what we will discuss in this session.