OWASP AppSec Europe 2015

Android App Hacking is a one day course on learning Android application security assessment based on the “OWASP Top 10 Mobile Risks”. This hands-on training is designed around the dummy internet banking application which contains vulnerabilities that were observed by the trainer during his daily application security assessments. This dummy internet banking application has features such as adding a beneficiary account, fund transfer, view statements, OTP, Pin sign-in, etc. to provide attendees a real world application scenario.

Attendees will get familiar with following topics during the class:

• Crash course on – Android application permission model, APK file architecture and – Setting up the emulator.
• Reversing the APK file package
• Investigating app permissions through manifest file
• Understanding, patching and runtime debugging smali code
• Importing SSL certificates and bypassing SSL pinning
• Intercepting traffic and network activity monitoring
• Exploring local data store
• Analyzing system logs
• Understanding components such as content provider, broadcast receiver and activity
• Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”