Our first ever Black Friday Sale! Take advantage of this opportunity: this is the same material we teach at Blackhat USA, HITB, OWASP Global AppSec, Nullcon and many other events, at a fraction of the price. Get 40% off any self-paced 7ASecurity course! Use code: BFCM40. Offer valid from November 18th until November 30th. Some …
Yes, COVID makes things difficult, many people have financial struggles, but… Did you know after this summer, we gave away 7 (!!!) courses to the winners of our OWASP Virtual Summer Days contest completely for free? Why not take advantage of this? You could be next because we are running another New Year Free Course …
Yes, COVID makes things difficult, many companies struggle for budget, but… Did you know after this summer, the winner of our OWASP Virtual Summer Days contest got a 12 day pentest completely for free? Why not take advantage of this? Your company could be next because we are running another New Year Free Pentest contest! …
We are pleased to be sponsoring OWASP Virtual Summer Days this year! Winners will be privately contacted after each training event on June 24th, July 29th, and August 26th. Contest #1: Get a Free Penetration Test! Yes, you read that correctly! Please fill out this form to enter the contest. The winner gets a 100% …
NOTE: In 2020, a new talk will substantially improve this one to include an interesting third app and better explain the other ones. In late 2019, I had the privilege of giving a talk and an interview at SEC-T and DeepSec about “Chinese Police and CloudPets”. Basically a summary of highlights from 3 different pentest …
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification …
Bully API, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-AUTH-1, Password Leak, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog …
Android, Crypto, Government-Mandated Apps, Java, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V3: Cryptography Requirements, as follows: …
Android, Crypto, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, XOR
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V6: Platform Interaction Requirements, as follows: MSTG‑PLATFORM‑7: If native methods of the app …
addJavaScriptInterface, Android, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-PLATFORM-7, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG‑NETWORK‑2: The TLS settings are in line with current best practices, or as close as possible if …
Android, DeepSec, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG‑NETWORK‑2, Public Speaking, Smart Dream, Smart Sheriff, South Korea