Workshop 02 - Mobile Security Testing Guide Hands-On - iOS Edition

Abstract

This workshop will guide you through your journey of analysing iOS apps for security vulnerabilities. If you have just entered the domain of mobile app testing, or only have experience in web app testing and would like to make the switch to mobile, this session is ideal for you.

Sven will teach you how to analyse iOS apps by going through the different phases of testing and by sharing his experience and the many small tips and tricks for attacking mobile apps that he has collected throughout his career.

It is no longer mandatory for students to bring their own iOS device; Corellium will be offered instead. A virtual, cloud-based jailbroken iOS instance will be provided for each student.

A brief explanation of the workshop and its topics can be found below.

After explaining some basics around the iOS platform and its security architecture, we start creating an iOS testing environment with Corellium and deep dive into various topics and techniques, including:

  • How to install any app and bypass the app signature verification check on iOS
  • Analyzing the network traffic of iOS applications that are written in Google’s Flutter Framework
  • Crash-Course in Frida for dynamic instrumentation on iOS
  • Analyzing the local storage of an iOS App for sensitive data

The course is hands-on: for each topic above, one lab developed by the instructor will be provided.

After successful completion of this course, students will have a better understanding of how to test for vulnerabilities in iOS apps, how to mitigate them and how to execute tests consistently. The course is based on the OWASP Mobile Security Testing Guide (MSTG) and is conducted by Sven Schleier, who is one of the project leads and main authors. The OWASP MSTG is a comprehensive and open-source book about mobile security testing for both iOS and Android.


When: 02:00 PM, 17 September, 2021

Registration for the workshop is free; however, we can only accommodate 20 participants, on a first-come, first-served basis.


Speaker Information


Sven Schleier

Sven is a Technical Director at F-Secure Singapore, specialising in penetration testing and application security. He has supported and guided software development projects for mobile and web applications during the whole SDLC. Besides his day job, Sven is one of the core project leaders and authors of the OWASP Mobile Security Testing Guide and the OWASP Mobile Application Security Verification Standard, and he created the OWASP Mobile Hacking Playground. Sven gives talks and workshops about mobile security worldwide to different audiences, ranging from developers to students and penetration testers.




