Pen testing Mobile Applications presented at ClubHack 2011

by Prashant Verma,

Tags: Security

Summary : Recent studies show that the attacks on mobile applications are on the rise. With mobile applications now used for payments, securing Mobile applications is of utmost importance.
The presentation briefs the audience on Penetration Testing the Mobile applications to assess the level of security built into them. Key aspects in the mobile applications space include-
1. Reading the application stored data on devices.
2. Capturing the requests and manipulating the parameters.
3. Reverse Engineering the application package.
4. Mobile Platform Specific issues.
The presentation further delves into similarities and differences in the manifestation of above issues in Andriod and iOS platforms. The differences are mainly because of how the platform works, for e.g. the iPhone may store data in the plist files but there is no plist concept in other mobiles. Similarly, the solutions and the Platform specific issues call for specific implementations.
The presentation also demonstrates-
Configuring a proxy for the phone.
Reading stored data (iOS and Android).
These are presented based on the internal research work done on these platforms, auditing and pentesting real world mobile applications.
Takeaway:
Vulnerabilities or Insecurities in mobile applications.
Techniques to find mobile application vulnerabilities.
Securing mobile applications.