The first day at Ekoparty 2013 was mostly for Registration, Workshops and Wardriving. The venue is really nice, as it has an underground-like look and feel. You really feel that you are at a hacker conference. I went first to the workshop called Mobile Apps and How to Pentest them. It was in Spanish, but it was quite easy to understand as it was full of technical terms and words in English. Also, they have simultaneous translation into English if necessary.
The workshop talked about how to create your own penetration testing lab for mobile applications. The speaker's name was Gustavo Sorondo, aka puky. He started by showing the different types of mobile apps, systems and devices, and how to work with all of those. He talked about the OWASP Mobile Security Project, which is a very interesting project made by OWASP for Mobile Applications. It has its own OWASP Top 10 for Mobile Apps and also insecure apps for learning like the iGoat or GoatDroid, versions of WebGoat for iOS and Android respectively.
He demonstrated how to set up and use the Android emulator and how to perform memory analysis, reverse the source code, analyze the logic of the application, bypass some security controls that are made by the developers, and capture and view the communications between the application and its servers.
Overall it was quite an interesting workshop, and the topic is very important nowadays, as companies are creating more and more mobile apps and they need to be safe and protect their clients' data.



Hey Magno! Thanks for the review of my workshop. Glad you liked it!