OWASP AppSec Research 2013 Training

Mobile application hacking and its security is becoming a major concern in today’s world. In the last few years we have seen a range of new attack vectors and methods of exploitation for these devices. Smart phones and tablets running on iPhone, Android, Windows and Blackberry have taken over the market in frenzy. With an introduction to html5 and native support on most of the mobile platforms, it really becomes interesting how security of mobile devices is shaping up. In today’s world email, social networking, banking everything is possible on the go with Smart phones and derived applications. These Smart phones are now equipped with features like data, Wi-Fi, voice and GPS functions and applications can leverage these features. The sudden growth in the number of applications available for these smart phones does raise a certain level of concern for the user’s security and server supporting these applications. Mobile applications are vulnerable to various sets of different attacks like local storage, user data harvesting, activity spying, unauthorized event injection, UI Jacking, Tab Jacking, Traffic redirection, Logical attacks, hard coded keys and a few other. At the same time Mobile applications are taken with server side over HTTP/HTTPS, it opens up few possible attacks on Web Services and APIs. The server side applications can be attacked with Injections. Several new technology stacks are evolving over Mobile like HTML5 and Silverlight which opens up new attack surface. In this context it is imperative for IT professional and corporate application owners understand these attack vectors along with a mechanism for securing. The class features real life cases, live demos, live hacking, code scanning and defense plans. The following topics will be covered during the class.