Gursev kalra _mobile_application_security_testing - ClubHack2009
1.
Mobile Application Security Testing
Gursev Kalra
Dec 5, 2009
2.
Agenda
► Introduction
► Browser Based Mobile Applications
► Installable Mobile Applications
► Intercepting Application Traffic
► Various Traffic Interception Schemes
► Mobile Traffic and SSL
► Conclusion
www.foundstone.com © 2008, McAfee, Inc.
3.
Introduction
► Who am I?
  ■ Senior Security Consultant – Foundstone Professional Services
  ■ Web Applications, Networks…
4.
Introduction
► Mobile Applications
  ■ Tremendous growth in consumer and business mobile applications
  ■ Many new players
  ■ Security aspects might get overlooked
5.
Browser Based Mobile Applications
6.
Installable Mobile Applications
7.
Intercepting Application Traffic for Nokia S40 Series Phones
• Set up a custom web proxy and obtain its IP and port
• Edit the configuration WML and change proxy IP and port to the custom web proxy
• Compile WML to a provisioning (WBXML) file
• Transfer the new settings to S40 mobile phone
• Activate custom settings and access the Internet using new settings
8.
Intercepting Application Traffic for Nokia S60 Series Phones
• Set up a custom web proxy and obtain its IP and port
• Create duplicate of existing Access Point settings
• For the copy created, change the proxy IP and port to the custom proxy
• Access Internet using custom proxy settings
9.
Proxy With Public IP Address
• Phone with Application
  ■ Access Point: Service provider default settings
  ■ Proxy Server Address: W1.X2.Y3.Z4 (Public IP)
  ■ Port Number: 8888
• Internet
• Paros/Fiddler/Burp/Charles: Web Proxy running on port 8888
  ■ Public IP: W1.X2.Y3.Z4
10.
Proxy On WLAN
• Phone with Application (192.168.30.101)
  ■ WLAN Netw. Name: PenTest
  ■ WLAN Mode: WPA2
  ■ Proxy Server Address: 192.168.30.102
  ■ Port Number: 8888
• WLAN (connected to the Internet)
  ■ SSID: PenTest
  ■ IP: 192.168.30.100
• Paros/Fiddler/Burp/Charles: Web Proxy running on port 8888 (192.168.30.102)
11.
Proxy With One Phone
• Phone with Application, also used as the modem (Phone as a Modem)
  ■ Access Point: Service provider default settings
  ■ Proxy Server Address: W1.X2.Y3.Z4
  ■ Port Number: 8888
• Internet
• Paros/Fiddler/Burp/Charles: Web Proxy running on port 8888
  ■ Public IP (W1.X2.Y3.Z4) - Connected to Internet via Mobile Phone Modem
12.
Proxy With External Internet Connection
• Phone with Application
  ■ Access Point: Service provider default settings
  ■ Proxy Server Address: W1.X2.Y3.Z4
  ■ Port Number: 8888
• Internet
• USB Modem
• Paros/Fiddler/Burp/Charles: Web Proxy running on port 8888
  ■ Public IP (W1.X2.Y3.Z4) - Connected to Internet via Mobile Phone Modem
13.
Mobile Traffic Interception and SSL
• Export your web proxy’s certificate in DER format
• Copy the certificate file to a web server
• Set the MIME type of the directory to which the certificate is copied to application/x-x509-ca-cert
• Use the mobile web browser to browse to the certificate file
• Import the certificate when prompted
• Delete the untrusted certificate after testing
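The certificate-hosting steps above, as an added Python example that is not part of the original slides: it converts a proxy CA export to DER, serves it with the `application/x-x509-ca-cert` MIME type, and prints a SHA-256 fingerprint so the exact certificate can be identified on the phone at import and again at removal. The file name `proxy-ca.der`, the bind address `127.0.0.1`, port 8080 and the placeholder certificate bytes are assumptions made for the example.

```python
import hashlib
import http.server
import ssl
import sys
import tempfile
import threading
from functools import partial
from pathlib import Path

CA_MIME = "application/x-x509-ca-cert"  # MIME type named in the slide

# Constructed placeholder (a 5-byte ASN.1 SEQUENCE), NOT a real certificate;
# it only lets the example run without a proxy export at hand.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"\x30\x03\x02\x01\x00")


def pem_to_der(pem_text: str) -> bytes:
    """Convert a PEM certificate export to the DER form the phone imports."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    if not der or der[0] != 0x30:  # every X.509 certificate is an ASN.1 SEQUENCE
        raise ValueError("decoded data is not DER (missing SEQUENCE tag)")
    return der


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint, to compare on the phone at import and at removal."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class CertHandler(http.server.SimpleHTTPRequestHandler):
    def guess_type(self, path):
        # Serve certificate files with the CA MIME type so the mobile
        # browser offers the import prompt instead of a plain download.
        if str(path).lower().endswith((".der", ".cer")):
            return CA_MIME
        return "application/octet-stream"

    def list_directory(self, path):
        self.send_error(404, "No directory listing")  # expose the file only
        return None


def publish(der, webroot, bind_ip, port, name="proxy-ca.der"):
    """Write the DER file into webroot and serve that directory only."""
    (Path(webroot) / name).write_bytes(der)
    handler = partial(CertHandler, directory=str(webroot))
    server = http.server.ThreadingHTTPServer((bind_ip, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Pass the proxy's PEM export as the first argument; without one the
    # constructed placeholder is used.
    pem = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_PEM
    der = pem_to_der(pem)
    with tempfile.TemporaryDirectory() as webroot:
        # 127.0.0.1:8080 is a placeholder; bind to the address of the test
        # network interface the phone can reach, not to all interfaces.
        srv = publish(der, webroot, "127.0.0.1", 8080)
        print(f"URL: http://127.0.0.1:{srv.server_address[1]}/proxy-ca.der")
        print("SHA-256:", fingerprint(der))
        input("Press Enter once the certificate is imported to stop serving...")
        srv.shutdown()
        srv.server_close()
```

Keep the printed fingerprint with the test notes: it is the value to look for in the phone's certificate store when carrying out the final step, deleting the proxy certificate after testing.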
14.
Conclusion
► Mobile applications extend traditional network boundaries and introduce new avenues of attack
► They often have access to sensitive business and personal information
► They are constantly challenging and extending their reach
► Security is critical and should be part of SDLC!!
15.
Queries
16.
Thank You
Gursev Kalra
gursev(dot)kalra(at)foundstone(dot)com