Abstract
Ever wondered how different attacking a Mobile application would be, from a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying InfoSec job. Watch as Dinesh walks you through his new and shiny updated custom application, “Android-InsecureBank” and some other source code review tools, to help you understand some known and some not so known Android Security bugs and ways to exploit them.
This presentation will cover Mobile Application Security attacks that will get n00bs as well as 31337 attendees started on the path of Mobile Application Penetration testing. Some of the vulnerabilities in the Android InsecureBank application that will be discussed (but not limited to) are:
- Flawed broadcast receivers
- Weak authorization mechanism
- Root detection and bypass
- Local encryption issues
- Vulnerable activity components
- Insecure content provider access
- Insecure webview implementation
- Weak cryptography implementation
- Application patching
- Sensitive information in memory
Expect to see a lot of demos, tools, hacking and have loads of fun.