Mobile Hacking Crash Course

In this session – the first in a series of three on mobile hacking – we begin with some fundamentals of mobile apps and discuss testing methodology.

What you’ll learn

  • Why learning to hack mobile apps is worthwhile
  • Types of applications
    • Pure native
    • Hybrid
    • Web wrappers
  • Popular hybrid app framework quirks
  • Languages to learn
  • How to select a target
  • Basics of setting up a proxy for mobile
  • Testing methodology starting point
    • Standard web bugs
    • Credential storage bugs
    • Insecure connections
    • Embedded secrets
    • Session token oddities
    • Debug/dev interfaces
    • Insecure data storage
    • Insufficient crypto
    • Confidential data in app switcher
