All decks
  • Secure Development

    DevSecOps (Developer track)

  • Demystify docker

    Presented at Accenture Brown Bag

  • iOS Application Security

  • Bangalore - Null Humla Android Mobile Application Offensive Security Workshop

    Our full day Humla session will cover the following topics: • Introduction to Android • Android Security Architecture • Android Permission model • Application Sandboxing • Setting up Android Emulator • Setting up a Mobile Pentest Environment • Reverse Engineering - Understanding, patching and debugging smali code • Investigating app permissions through manifest file • Bypassing Android Permissions • Introduction to Drozer • Using Drozer to find and exploit vulnerabilities • Dynamic and static analysis of the application • Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”

  • Null Humla Android Mobile Application Offensive Security Workshop

    Introduction to Android • Android Architecture • Android Security Architecture • Android Permission model • Application Sandboxing • Setting up Android Emulator • Setting up a Mobile Pentest Environment • Bypassing Android Permissions · Application Analysis · Reverse Engineering · Introduction to Drozer · Using Drozer to find and exploit vulnerabilities · Traffic Interception (Active and Passive) of Android Applications · OWASP Top 10 for Android

  • Aha, We Design Better, Cheaper, Faster And Vulnerable Mobile Apps!

    The growing consumer demand for smartphones applications, including banking, trading, e-commerce. Stakeholders needs to accept that forthcoming era will be mobile computing centric w.r.t corresponding hugh apps development. As per Gartner prediction, mobile app projects will outnumber PC projects 4-to-1 by middle of 2015. Hacker-Abhinav As we know mobile apps spreading faster than any other consumer technology in history. It’s not surprising that securing mobile apps, particularly around consumer privacy, is moving onto the front page. This needs to be done with highly disciplined mobile apps security expert with mature threat handling matrix, a great toolkits, and experienced mobile applications testers. The Mobile applications often deal with personal identifiable information, credit cards and other sensitive data including IMs & mail client from giant enterprises. I shall be talking pointers which denotes why mobile application hasty development suffering w.r.t security. Session difficulty level: In-depth talks

  • OWASP Bangalore meet - Android Mobile Security

    OWASP Bangalore meet - 28th March 2015 10:00 AM - 2:00 PM Mobile Application Security Testing Overview The Building blocks of Android Apps Live demos w.r.t Android App : Demo 1 - Poor Authorization and Authentication (M5) Demo 2 - Sensitive Information Leakage (M4) Demo 3 – Insecure Data storage (M2) Test factory Arsenal

  • Weekend Testing : BNT-13 ~ Cross-site request forgery ~

    Overview: Are you web developer / Tester / Architect, why don’t you stop sucking you web app against CSRF attacks? Mission :- This session is on detecting and exploiting CSRF / XSRF issues. At the end of this session, the participant will be able manually identify CSRF / XSRF vulnerabilities in web applications. URL :- http://weekendtesting.com/archives/3843 Agenda :- Introduction What is Cross Side Request Forgery CSRF check & How to test (Iron OWASP , CSRF Finders) Prevention of CSRF attacks Q & A Prerequisite knowledge: Basic Technical knowledge about web application

  • Top 10 Web Application Security Hazards {Part 2}

    Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.

  • Top 10 Web Application Security Hazards

    Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.

  • SQL Injection for Beginners

    Mission :- This session is on detecting and exploiting SQL Injection issues. At the end of this session, the participant will be able manually identify SQL Injection vulnerabilities in web applications.