From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by the NowSecure Research Team, including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out their latest updates, and learn about potential future enhancements.
2. 85% 3rd Party AppStore Apps Violate OWASP MOBILE TOP 10
26% Custom Apps have at least 1 high risk flaw
82% of all digital time now spent on Mobile-only & Multi-platform
Biz Apps 3X more likely to leak account credentials
50% Android Apps dynamically load code missed by static analysis
35% Have un-encrypted data transmission
Source: NowSecure Software and Research Data 2016-2017
9. iOS APPS
Dynamic code and assets
MITM attacks
Take the attacker POV to test across app, compiler, data at rest, data in transit, OS, HW & SW during and after running the mobile app
iOS FRAMEWORKS
iOS NATIVE LIBRARIES
iOS Mach/XNU KERNEL
iOS HAL
HARDWARE
Buffer overflows
Race conditions
Forensic artifacts
Malware
Contact hijacking
TARGET APP
11. STATIC SOURCE TESTING: Analyze the source strings to identify vulnerable code
STATIC BINARY TESTING: Analyze the binary to identify vulnerabilities post compile, including 3rd party libraries
DYNAMIC BINARY TESTING: Uses dynamic binary instrumentation to trace functions and API calls
BEHAVIORAL BINARY TESTING: Observe the behavior of the app during runtime using insight from static and dynamic test results to identify actions that could be exploited by an attacker and compare to known patterns