OWASP

Dyan Galih Nugroho Wicaksi

@DyanGalih

@2017

dyan.galih@gmail.com

https://id.linkedin.com/in/dyangalih

Finding an insecure endpoint API's, using reverse engineering android technique

Who am i?

A Simple Person Who Love Code, Share Knowledge and Always Learning about Java, PHP, Linux sysadmin, Android, Javascript.

 

IT Enthusiast, Security Enthusiast, Public speaker

 

Community:

YAC - Yogyakarta Android Club
NgeSec - Ngelab Security

 

Quotes Today!

There is nothing secure in cyberworld  

What is OWASP?

OWASP (Open Web Application Security Project) is an organization that provides unbiased and practical, cost-effective information about computer and Internet applications.

 

 Top 10 2017-Top 10

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Broken Access Control
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Insufficient Attack Protection
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Underprotected APIs

What Is The Target?

What is an API?

Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact. Additionally, APIs are used when programming graphical user interface (GUI) components.

Reverse Engineering

Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information

Reverse Tools  

  • Show Java
  • Apk Tools
  • Dex2Jar
  • Apk Editor
  • Etc

Show Java 

PlayStore

Show Java

Finding an Insecure API

Finding un-secure API and how to test it. Just say the word.

Find In Files http or https

Thank you

OWASP

By Dyan Galih