Downloaded 11 times
Uploaded byPrathan Phongthiproek
Mobile App Hacking In A Nutshell
The presentation covers mobile app hacking, discussing the attack surfaces of mobile applications compared to web applications and emphasizing the importance of secure coding practices. Key topics include runtime manipulation, SSL/TLS security, and practical defenses such as code obfuscation and secure configurations. The speaker also references various OWASP resources and offers strategies for enhancing mobile app security.
Mobile App Hacking In A Nutshell
- 1. Mobile App HackingIn A Nutshell presentation at Mobile Conf 25 Aug 2018, BKK, Thailand Content is available under Creative Commons Attribution-ShareAlike unless otherwise noted. Mobile app hacking in a nutshell Prathan Phongthiproek 2600 Thailand
- 2.
- 3.
- 4.
- 5.
- 6. What is Mobileapp ?
- 7. Attack Surface onWeb Application
- 8. Attack Surface onMobile Application
- 9. Why does itmatter ?
- 12.
- 13.
- 14.
- 15. Patch Them All- Android
- 16. Patch Them All- iOS
- 17. Is secure channelenough ? SSL/TLS
- 18. The SSL PinningRises
- 19.
- 20. Manipulating request/response over securechannel SSL/TLS
- 21.
- 22. Mobile Application HackingDiary Ep.1 https://www.exploit-db.com/papers/26620/ Internet
- 23.
- 24. Quick Wins !! oSecure coding and configuration practices (e.g. OWASP) on server-side: • REST Security Cheatsheet • Authentication Cheatsheet • Session Management Cheatsheet • Cryptographic Storage Cheatsheet • Password Storage Cheatsheet • Transaction Authorization Cheatsheet • Access Control Cheatsheet o SSL Pinning Implementation(End-to-end encryption is preferred) o Code Obfuscation
- 25.
- 26.