godfreynolan/MobileSecurityWorkshop

Mobile Security Workshop

  • Lab 1: Decompile 101

    In this lab, we find and download an app from a rooted or jailbroken phone. We also download the saved data. We then decompile/disassemble the code and view the user's data.

  • Lab 2: Weak Server Side Controls

    In this lab, using OWASP's Herd Financial app, we show how a hacker can view and manipulate user account data. We show how to use tools to scan your server to improve its security.

  • Lab 3: Insecure Data Storage

    In this lab, using OWASP's Goat Droid app, we show how a hacker can find a user's information in shared preferences and SQLite databases.

  • Lab 4: Insufficient Transport Layer Protection

    In this lab, we use a proxy server to view unencrypted HTTP and HTTPS traffic.

  • Lab 5: Unintended Data Leakage

    In this lab, we see what third-party libraries are sending back to base.

  • Lab 6: Poor Authorization and Authentication

    In this lab, we see how users' credentials are often stored inappropriately, allowing hackers to gain access to someone's account.

  • Lab 7: Broken Cryptography

    In this lab, we see how insecure cryptography can expose your users' information. We look at how to decrypt and also how to properly encrypt data so it can't be compromised.

  • Lab 8: Client Side Injection

    In this lab, we see how a hacker can use SQL injection and XSS to bypass an app's security and how to prevent it.

  • Lab 9: Security Decision via Untrusted Input

    In this lab, we see how implicit intents can allow hackers to pry open your app and how to secure it using explicit intents.

  • Lab 10: Improper Session Handling

    In this lab, we see how never-expiring tokens can allow a hacker to back up these tokens from one phone to another.

  • Lab 11: Lack of Binary Protections

    In this lab, we obfuscate an app and see how successful it is at protecting your code.

  • Lab 12: Debugging an app

    In this lab, we make an app debuggable, reinstall it, and then step through the app within the IDE.

  • Lab 13: SafetyNet API

    In this lab, we add the SafetyNet API to our app and detect when it's running on a rooted phone.

  • Lab 14: Frida

    In this lab, we use the JavaScript injection tool, Frida, to hack an app.
