Free Workshop: Practical Mobile App Attacks by Example

Practical Mobile App Attacks by Example is based on actionable information derived from real-world penetration testing of mobile apps. The workshop offers a thorough review of interesting security anti-patterns and how they could be abused. This is valuable information for those intending to defend or find vulnerabilities in mobile apps.

So come and join us for this 2 hour (April 22 @ 18:00 – 20:00 CET) hacking session “Practical Mobile App Attacks by Example”. This workshop is a prelude to the complete course “Hacking Android, iOS and IoT apps by Example” and covers:

  • Review of interesting security flaws discovered over the years in many mobile apps
  • Contains anonymized juicy findings from reports that we could not make public
  • Interesting vulnerabilities in open source apps with strong security requirements
  • Security issues in password vaults and privacy browsers
  • Security issues in government-mandated apps with considerable media coverage such as Smart Sheriff
  • Review of flaws in apps that report human right abuse where a security flaw could get somebody killed in the real world

Moreover, attendants will be provided with training portal access to practice the attack vectors covered. This includes multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. Also, you get:

  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises

Finally, the free workshop will be followed by 2 x 4h live training sessions on April 27-28 @ 17:00 – 21:00 CET

Live Training: Hacking Android and IoT apps by Example

Practical Mobile app attacks

Audience level

By and large, from new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Previously senior penetration tester / team lead at Cure53 ( and Version 1 ( Also the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course ( Additionally, OWASP OWTF project leader, an OWASP flagship project (

As a Security trainer, Abraham has conducted trainings at various events such as Blackhat USA, HITB, OWASP Global AppSec. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Also, he writes on Twitter as @7asecurity @7a_ @owtfp or Multiple presentations, pentest reports and recordings can be found at

For the most up-to-date information about upcoming training events, including free workshops, check this.