OWASP
Dyan Galih Nugroho Wicaksi
@DyanGalih
@2017
dyan.galih@gmail.com
https://id.linkedin.com/in/dyangalih
Finding an insecure endpoint API's, using reverse engineering android technique
Who am i?
A Simple Person Who Love Code, Share Knowledge and Always Learning about Java, PHP, Linux sysadmin, Android, Javascript.
IT Enthusiast, Security Enthusiast, Public speaker
Community:
YAC - Yogyakarta Android Club
NgeSec - Ngelab Security
Quotes Today!
There is nothing secure in cyberworld
What is OWASP?
OWASP (Open Web Application Security Project) is an organization that provides unbiased and practical, cost-effective information about computer and Internet applications.
Top 10 2017-Top 10
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Broken Access Control
- Security Misconfiguration
- Sensitive Data Exposure
- Insufficient Attack Protection
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Underprotected APIs
What Is The Target?
What is an API?
Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact. Additionally, APIs are used when programming graphical user interface (GUI) components.
Reverse Engineering
Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information
Reverse Tools
- Show Java
- Apk Tools
- Dex2Jar
- Apk Editor
- Etc
Show Java
PlayStore
Show Java
Finding an Insecure API
Finding un-secure API and how to test it. Just say the word.
Find In Files http or https