Practical Mobile app attacks by Example: Free Workshop – Feb 18

The workshop “Practical Mobile app attacks by Example” offers a thorough review of interesting security anti-patterns and how they could be abused. In short this is very valuable information for those intending to defend or find vulnerabilities in mobile apps.

Register and broaden your knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps.

“Practical Mobile app attacks by Example” is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps. An entirely practical walkthrough that covers:

  • Anonymized juicy findings from reports that we could not make public
  • Interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers
  • Security issues in government-mandated apps with considerable media coverage such as Smart Sheriff
  • Apps that report human right abuse where a security flaw could get somebody killed in the real world

Moreover, attendants will be provided with training portal access to practice the attack vectors covered. This includes multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. Also, you get:

  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises

Finally, the free workshop will be followed by 2 x 4h live training sessions on February 23-24th 2021, 17:00 – 21:00 CET

Live Training: Hacking Android and IoT apps by Example

Come and have fun with us! 🙂

Practical Mobile app attacks

Audience level

By and large, from new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity ( A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. As well as security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Previously senior penetration tester / team lead at Cure53 ( and Version 1 ( Also, creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course ( Additionally, OWASP OWTF project leader, an OWASP flagship project ( Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity@7a_@owtfp or Multiple presentations, pentest reports and recordings can be found at

For the most up-to-date information about upcoming training events, including free workshops, check this.