Mobile Hacking Crash Course

In this session – the first in a series of three on mobile hacking – we begin with some fundamentals of mobile apps and discuss testing methodology.

What you’ll learn

• Why learning to hack mobile apps is worthwhile
• Types of applications
  • Pure native
  • Hybrid
  • Web wrappers
• Popular hybrid app framework quirks
• Languages to learn
• How to select a target
• Basics of setting up proxy for mobile
• Testing methodology starting point
  • Standard web bugs
  • Credential storage bugs
  • Insecure connections
  • Embedded secrets
  • Session token oddities
  • Debug/dev interfaces
  • Insecure data storage
  • Insufficient crypto
  • Confidential data in app switcher

Video

---

Next video