If you are the kind of person who enjoys workshops with practical information
that you can immediately apply when you go back to work, this workshop is for
you, all action, no fluff :)
Attendants will be provided with training portal access to practice some attack
vectors, including multiple mobile app attack surface attacks, deeplinks and
mobile app data exfiltration with XSS. This includes: Lifetime access to a
training VM, vulnerable apps to practice, guided exercise PDFs and video
recording explaining how to solve the exercises.
This workshop is a comprehensive review of interesting security flaws that we
have discovered over the years in many Android and iOS mobile apps: An entirely
practical walkthrough that covers anonymized juicy findings from reports that
we could not make public, interesting vulnerabilities in open source apps with
strong security requirements such as password vaults and privacy browsers,
security issues in government-mandated apps with considerable media coverage
such as Smart Sheriff, apps that report human right abuse where a security flaw
could get somebody killed in the real world, and more.