|When:||Mon, Tue, Wed, Thu, Fri|
|Organizers||Jeroen Willemsen, Carlos Holguera|
|Participants||Jeroen Willemsen, Sven Schleier (remote), Abderrahmane AFTAHI (remote), Carlos Holguera , Carlos Holguera Carlos Holguera , Jeroen Willemsen Jeroen Willemsen|
Welcome to the Owasp Mobile Security Testing Guide Content pressure cook!
Ever since iOS 12 and Android 8⁄9 came out, a lot of security fixes have been added by the vendors! This means new parameters that need explaining (AND VERIFICATION ;-)). So we need to start hacking on our mobile devices, learn from them and update / fix the issues! Next to that, are tons of other issues that are still not explained in the MSTG. Are you interested in the kind of content we need to work on during these days? Check https://github.com/OWASP/owasp-mstg/issues and our project page https://github.com/OWASP/owasp-mstg/projects/2.
Next, the OMTG playground and the iOS crackmes really needs some TLC, so we need to update them, so it runs on Android 9 as well!
- Fix issues mentioned in https://github.com/OWASP/owasp-mstg/issues and update the iOS materials as well.
- Fix the OMTG (and automate the builds, similar to the crackmes).
- Fix the iOS Crackmes (fix lvl2 and create lvl3).
The target audience for this Working Session is:
- iOS developers
- Android developers
- Penetration Testers
Everyone else who is interested in mobile security and some technical know-how :-)
An updated iOS and Android chapter in the MSTG that covers the latest security changes in iOS 11⁄12 and Android O/P. The MSTG is hosted in Github and can easily be edited by anyone, just a Github account is needed and knowledge on how to create a pull request.
Anybody who wants to join the Mobile Security project and learn or share knowledge about mobile security in applications for iOS and Android:
- Security engineers
Register as participant
To register as participant add
Creating content session to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions