For many companies, mobile application development is largely an unknown. Finding the right developers with the correct skills and knowledge to create applications that are both user friendly and secure against the many mobile attack surfaces is difficult, to say the least. Doing that while getting your application to market in a timely manner adds an additional level of difficulty.
In viaForensics’ webinar Security Testing Mobile Apps with viaLab, viaForensics Mobile Services Manager Katie Strzempka discusses many of the mobile attack vectors that organizations and individuals face in today’s workplace.
We will then live demo how to use viaLab, our automated mobile application security testing suite, to efficiently and effectively test your mobile applications for a variety of these security vulnerabilities, enabling you to get to market with your apps faster and more securely than ever before.
Included in the live demonstration:
- Man-in-the-Middle attack
- Content provider (CPro) SQL injection attack
- SSL Strip attack
- Advanced sensitive data search / discovery
Slides and discussions of particular note:
- 5:45 – Detailing the main viaLab interface
- 11:20 – Automated searching including regular expression and hashed value searches
- 13:00 – Search results, including discovered social security number and password
- 18:40 – Automated SSL strip (HTTPS downgrade to HTTP)
- 19:50 – SSL Proxying
- 21:50 – Advanced forensics analysis using viaLab
- 26:25 – Memory dump and sensitive data searching
- 30:55 – Content provider (CPro) SQL injection
- 31:45 – Advanced assessment options – remote shell and pcap testing
- 34:00 – Reporting
- 36:20 – Q&A