This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.
If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)
Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.
More Details: https://nanosec.asia/nsp2021/nsp2021p1-practical-mobile-app-attacks-by-example/