- February 24: Hacking Android & iOS apps with Deep Links and XSS
Workshop 1: February 24: Hacking Android & iOS apps with Deep Links & XSS
In this workshop you get ready for some first hand experience of the insecurities of Mobile Deep Links. Topics covered include:
- Deep Link attacks achieving user impersonation
- Deep Link attacks to bypass authorization controls
- Case Study: Periscope CSRF via Deep Link
- Finding & Exploiting URL handlers
- WebViews & Data Exfiltration: Android
- XSS & Data Exfiltration in Android
- XSS via SD Card Manipulation
- Attacking WebViews & Data Exfiltration: iOS
All in all the workshop is packed with real world case studies and examples and intended to broaden your knowledge in Mobile Security. Come join us on February 24 to be a part of this workshop and walk away with practical information that you can immediately apply when you go back to work.
Can’t make it, need a head start? Find the Free mobile workshop here!
This fine workshop walks you though some awesome topics about Electron security, covering the following:
- Essential techniques to audit Electron applications
- Finding Vulnerabilities in Dependencies, Configuration & Source Code
- Introducing ElectroNegativity (SCA)
- Basics of Electron XSS exploitation
- Exploiting nodeIntegration
- Electron XSS / RCE Mitigation essentials
- Attacking preload scripts
- RCE via IPC
All action, no fluff, this workshop provides you with case studies from real-world vulnerable applications. Join us on March 7 to learn the techniques to take your desktop app security auditing kung-fu to the next level.
Can’t come or need a head start? Get the Free desktop workshop here!
What do you get?
- Access to Free Live Online Workshops in February
- Lifetime access to a training portal
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
- Free access to all future updates
- Certificate of Attendance on attending the Live workshop
About the Speaker Note:
As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_ @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.
For the most up-to-date information about upcoming training events & Free online workshops check the training page.