-
Lab 1: Decompile 101
In this lab, we find and download an app from a rooted or jailbroken phone. We also download the saved data. We then decompile/disassemble the code and view the user's data.
-
Lab 2: Weak Server Side Controls
In this lab, using OWASP's Herd Financial app, we show how a hacker can view and manipulate user account data. We show how to use tools to scan your server to improve its security.
-
Lab 3: Insecure Data Storage
In this lab, using OWASP's Goat Droid app, we show how a hacker can find a user's information in shared preferences and SQLite databases.
-
Lab 4: Insufficient Transport Layer Protection
In this lab, we use a proxy server to view unencrypted HTTP and HTTPS traffic.
-
Lab 5: Unintended Data Leakage
In this lab, we see what third-party libraries are sending back to base.
-
Lab 6: Poor Authorization and Authentication
In this lab, we see how users' credentials are often stored inappropriately, allowing hackers to gain access to someone's account.
-
Lab 7: Broken Cryptography
In this lab, we see how insecure cryptography can expose your users' information. We look at how to decrypt and also how to properly encrypt data so it can't be compromised.
-
Lab 8: Client Side Injection
In this lab, we see how a hacker can use SQL injection and XSS to bypass an app's security and how to prevent it.
-
Lab 9: Security Decision via Untrusted Input
In this lab, we see how implicit intents can allow hackers to pry open your app and how to secure it using explicit intents.
-
Lab 10: Improper Session Handling
In this lab, we see how never-expiring tokens can allow a hacker to back up these tokens from one phone to another.
-
Lab 11: Lack of Binary Protections
In this lab, we obfuscate an app and see how successful it is at protecting your code.
-
Lab 12: Debugging an app
In this lab, we make an app debuggable, reinstall it, and then step through the app within the IDE.
-
Lab 13: SafetyNet API
In this lab, we add the SafetyNet API to our app and detect when it's running on a rooted phone.
-
Lab 14: Frida
In this lab, we use the JavaScript injection tool, Frida, to hack an app.
-
godfreynolan/MobileSecurityWorkshop