AppSec Europe 2014

Mobile application hacking and its security is becoming a major concern in today’s world specially with BYOD and user’s jailbreaking/rooting their devices. Scanning and vulnerabilities detections are two major areas for mobile applications in current state. Attacking techniques and exploit delivery on different platform are evolving, protection is even tougher as code base are different. The frequency of release for the mobile application is significantly higher than the web application. It is imperative to scan these applications before loading and launching for different platforms. 

Amongst the mobile attacks described in OWASP Mobile Top 10 project, Local storage being the key attack which affects the security and privacy of the user. Need for an hour is to have automated program to penetrate local storage in most widely used mobile platform (android and iOS). Interestingly, Android SDK provides an API which can be used to monitor file system. On the iOS, one needs to use jailbreak device to attack local storage. Along with presentation, new version of the free tools (Separate for android and iOS) will be released. Android tool uses API to monitor android file system where iOS tool relies on OS features. Methodology to perform application penetration testing using the tools will be demonstrated along with several different demonstrations on attacking local storage for both platforms along with defense strategies.