Android Application Pentesting 101: How to Hack Android Applications for Beginners

Presented at Still Hacking Anyway (SHA2017), Aug. 5, 2017, 3 p.m. (240 minutes)

Have you ever wondered what kind of vulnerabilities exist in mobile applications, how to exploit them and how to modify existing Android applications? This workshop does not cover the less technical topics such as the history of Android, but it will give you an introduction to the world of mobile application penetration testing. We will be using a 70% hands-on approach and 30% lecture style format. Attendees should expect to work under guidance on given tasks during the workshop. The workshop also includes an introduction to common Android application issues, hints on how to exploit those and a follow-up explanation. After the workshop attendees should be able to identify and exploit common Android application vulnerabilities and also to modify and extend them.

#DeviceSecurity #NetworkSecurity #Training

Overview

Topics:

  • Introduction to Android Internals
  • OWASP and Mobile Application Testing
  • Introduction to Workshop VMs
  • Reconnaissance Phase of a Mobile Application Test
  • Native Android Tools
  • MITM Vulnerabilities
  • Authorisation Bypasses
  • Reversing of Android Applications
  • Other Common Android Application Vulnerabilities

Who should attend this course

Anyone who has a desire to understand how Android mobile applications work and what risks they can expose.

Requirements

Basic understanding of scripting concepts, basic Linux knowledge.

What you should bring with you:

  • Operating system with at least 4 GB of RAM (8 GB recommended) and at least 25 GB of free disk space
  • Virtualization software capable of running OVA
  • Willingness to learn and have fun!

What we will provide:

  • Pre-configured penetration testing environment and a virtual Android device
  • Workshop materials

Trainer

Christian Becker and Tim Guenther work as penetration testers for Context Information Security in Germany. They both have several years of experience in performing penetration tests in areas such as application testing, infrastructure testing, testing of mobile applications and devices as well as others. They also run local OWASP meetings in the Ruhr area of Germany.

Presenters:

  • Tim
  • Christian Becker
    Working for a pentest company in Germany, organising local OWASP meetings, etc.
