Overview:

Mobile applications are used daily by almost everyone these days and cover many aspects of our lives, from fun games to social media, banking applications and much more.

However, unlike web security, which has matured over the years, mobile security presents new challenges and new attack surfaces that many mobile developers are not aware of. As a result, many mobile applications are vulnerable to even the simplest attacks.

Throughout this seminar, we will learn the theory of common mobile vulnerabilities as well as the security mechanisms that can be used to mitigate them. For practical experience, the seminar also includes an active hands-on session that gives participants real experience with the hacking techniques used to analyze mobile applications and find real vulnerabilities that can be exploited in the wild.

Syllabus:

This seminar focuses on the popular Android platform and covers the following topics:

  • Introduction to Application and Mobile security
    • Terminology and Definitions
  • OWASP TOP TEN & Common Mobile Application Threats
  • Android OS fundamentals
    • Activities
    • Broadcast Receivers
    • Services
    • Content Providers
    • Communication (Intents)
    • APK structure
  • The Android OS Security
    • The Android security mechanisms
    • Application file system isolation
    • Database isolation
    • The permission model
    • Secure Authentication & Authorization
    • Cryptography
    • Secure Communication
    • Data Storage (shared preferences, SQLite)
    • Clipboard separation
    • Code signing
  • Hands-on Sessions – simulations of hacking techniques on demo applications

Info

Main Speaker

Tzachy Horesh
PalantirSecurity