Sign up for our free Threat Hunting Summit June 17 Register Here

Workshop: Practical Mobile App Attacks by Example

Course Authored by .

Practical Mobile App Attacks by Example with Abraham Aranguren

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you: all action, no fluff.

Course Length: 4 Hours

Includes a Certificate of Completion



Description

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you: all action, no fluff. Participants will gain hands-on experience attacking real-world mobile apps using a provided training portal, covering attack surfaces such as deep links and mobile data exfiltration with XSS.

We will walk through interesting vulnerabilities discovered during years of real-world mobile app pentesting, including:

  • Anonymized findings from confidential reports

  • Flaws in secure open-source apps (e.g., password vaults, privacy browsers)

  • Security issues in government and high-profile apps (e.g., Smart Sheriff)

  • Vulnerabilities with real-world implications (e.g., apps for reporting human rights abuse)

Attendees will leave with a solid understanding of mobile app security anti-patterns and how to exploit or defend against them.

  • System Requirements
    • Laptop with 8GB+ RAM
    • VirtualBox or VMware installed
    • Internet connection
    • Ability to disable antivirus/firewall temporarily
    • Admin/root access on your system

Syllabus

  • Introduction to Mobile App Threat Models

  • Attack Surfaces in Android & iOS

  • Deep Links & URL Handlers

  • WebView and JavaScript Interface Abuse

  • Mobile XSS and Data Exfiltration

  • Hands-on Labs with Realistic Vulnerable Apps

  • Case Studies from Real Pentests (Anonymized)

  • Defensive Recommendations

FAQ

WHO SHOULD TAKE THIS WORKSHOP

• Penetration testers and security researchers
• Mobile app developers with a security focus
• Anyone interested in real-world mobile app security

PREREQUISITES

• Basic understanding of mobile app architecture
• Familiarity with security concepts like XSS, reverse engineering, etc.

AUDIENCE SKILL LEVEL

Intermediate to Advanced

STUDENT REQUIREMENTS

• Prior exposure to mobile apps or security basics
• Comfortable using a command line and tools like Burp Suite, adb, etc.

VM / LAB / STUDENT INFORMATION

• Lifetime access to a training portal
• Vulnerable apps to practice
• Guided exercise PDFs
• Video walkthroughs explaining solutions

About the Instructor

Pixel splash background
Bio

After 17 years in IT security and 24 in IT, Abraham Aranguren is now the CEO of 7ASecurity
(7asecurity.com), a company specializing in penetration testing of web/mobile apps,
infrastructure, code reviews, and training. He is also the co-author of mobile, web and desktop (Electron) app 7ASecurity courses; a security trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events; and an OWASP OWTF project leader for an OWASP flagship project (owtf.org). Abraham holds a major degree and diploma in Computer Science and multiple certificates, including CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, and Security+.

As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard.
He writes on social media as @7asecurity and @7a_ @owtfp and online at https://7asecurity.com/blog. Multiple presentations, pentest reports, and recordings can be found at https://7asecurity.com/publications.

Related products

Shopping Cart

No products in the cart.