Next Meetup

Hacking iOS - MSTG Hands-on Course
We are pleased to announce a Hacking iOS hands-on workshop by Sven and Ryan, based on the Mobile Security Testing Guide (MSTG). Please note that this is an invite-only but FREE hands-on workshop, and we can accommodate only a few selected participants. If you are selected, you will receive an email from the humla champion a week before the workshop.

Selection Criteria:
Selection (25-30 persons only) will be based on the following two criteria:
1. Contribution to the community. Speakers, humla and bachav champions, core team, volunteers and venue hosts will get priority for the workshop.
2. Passion for information security and attendance at previous meetups. If you are new to the community, selection will be based on your answers to the survey questions asked during the registration process. Please answer these questions carefully.

Agenda:
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration.

The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes processes and techniques for verifying the requirements listed in the Mobile Application Security Verification Standard (MASVS), and provides a baseline for complete and consistent security tests.

The proposed training is based on the Mobile Security Testing Guide (MSTG) and will offer hands-on exercises in the form of different iOS and Android Apps. The goal of this course is to learn the technical skills needed to execute a penetration test against iOS mobile applications and to use the Mobile Security Testing Guide (MSTG) as a baseline and comprehensive methodology during mobile security assessments.

Training Syllabus:
- iOS security fundamentals
- Mobile Security Testing Environment Setup
- Overview of Mobile security vulnerabilities
- Hands-on testing on iOS Apps
- Security best practices to mitigate Mobile security vulnerabilities
- Alternative iOS App testing without a jailbroken device
- Reverse Engineering of iOS Apps

Key areas of training:
- Static and Dynamic Analysis of iOS Apps
- Local Data Storage
- Communication with Trusted Endpoints
- Authentication and Authorization
- Client-side Security control bypass
- Advanced dynamic instrumentation use cases

Hardware and Software Requirements:
- Laptop (> 8 GB RAM, 20 GB of free disk space, working Wi-Fi) with administrative access
- Burp Suite Community Edition (Professional not needed)
- Ideally a MacBook, otherwise a Windows laptop with VirtualBox
- An iOS device with at least iOS 9.0 (without jailbreak)

Speaker Bio:

Sven:
Sven is an experienced web and mobile penetration tester who has assessed everything from historic Flash applications to progressive mobile apps. He is also a security engineer who has supported many projects end-to-end during the SDLC to "build security in". He has spoken at local and international meetups and conferences and conducts hands-on workshops about web application and mobile app security.

Ryan:
Ryan Teoh (OSCE, OSCP, CRT) is a Security Engineer at Grab with a strong focus on Mobile Security. Whilst his main job involves mobile/web/infrastructure security assessment, he spends a considerable amount of time on iOS kernel exploitation and on contributing to the iOS security testing chapter and the iOS Crackmes, which are part of the OWASP Mobile Security Testing Guide. That aside, he is active on both private and public bug bounty programs and has successfully found several critical mobile security bugs.
Ryan is a strong believer in knowledge sharing: he started a security blog in addition to facilitating workshops for security engineers, developers and students about mobile security, dynamic instrumentation and reverse engineering of mobile applications.

Singapore

North, East, South, West · Singapore


    What we're about

    null (http://null.co.in/) is one of the largest open security communities, and we now have a Singapore chapter.

    null is an open, inclusive, responsible and, most importantly, completely volunteer-driven community. Our aim is not only to spread information security awareness, but also to learn from other members of the community. Activities such as null Monthly Meets, null Humla, null Bachaav, null Puliya and the null Job Portal are aimed towards the same cause.

    The null Singapore chapter started in Feb 2015 with a monthly meet and will include other activities with time. In the spirit of true community involvement, you are invited to propose topics you would like to talk about, or hear others speak on.
