Speakers: Sam Bowne
It's easy to audit Android app security, and very important, because most of them have one or more of the OWASP Mobile Top Ten Risks. I tested the top ten US bank apps, stock trading apps, and insurance apps, and 70% of them were insecure. I'll demonstrate several real vulnerable apps, and show to find SSL validation failures and how to add Trojan code to a vulnerable app to create a Proof-of-Concept. Complete instructions for all these tests are available free at samsclass.info.
- Not Interested