After the massive success of the last 2 security based ShefTests we thought to ourselves "how are we going to top that?" Well, I think we may just have! For this months ShefTest, Jay Harris (@JayHarris_Sec) of Digital Interruption has kindly agreed to run his Mobile Security Testing Workshop and give you all the opportunity to try some hands on security testing which you can take away to use in your day to day testing!
"Security testing can seem like a daunting task that is best left to external contractors. In the very best case scenario, we hope that the expensive penetration test does not turn up any security issues as this is likely to delay the release.
This workshop is aimed at mobile application software testers to help understand exactly what it is a penetration tester will do and why for most vulnerabilities, a security expert is not needed. In this workshop, we will look at how security testing can be carried out on Android applications oftentimes MORE successfully by testers that know the product inside and out."
What do I need to bring?
You will need to bring a laptop (Mac or Windows) with the following programs installed prior to the session (The venue does have wi-fi but we can't guarantee it will be fast or hold up if everyone needs to download everything on the night. It'll save valuable workshop time too.).
* jadx (github.com)
* drozer (mobiletools.mwrinfosecurity.com)
* burpsuite community edition (portswigger.net)
* Genymotion with Android 4.4 installed (or if you have a root Android device, you can use that instead) (www.genymotion.com)
* adb (developer.android.com)
* apktool (ibotpeaches.github.io)
* Insecure Bank mobile app (github.com)
Due to venue constraints, im afraid we only have 20 spaces available and we have to vacate at 21:00. After the workshop we'll move to the nearest pub to carry on the discussion :)
Get in quick as this is going to be a popular one! And please only sign up if you can make it as places are limited.
More details and tickets: www.meetup.com
Imported From: www.meetup.com
A regular meetup for people interested in or involved in software testing.
Come and meet other testers and others involved in software development.