[Invite-only Workshop] The Reds and Blues of an Android Application.


We are pleased to announce an Android application security workshop by Shiv Sahni (@shiv__sahni) & Tony Thomas (@tonythomasv).

Please note that this is an invite-only but FREE hands-on workshop, and we can accommodate only a few selected participants. If you get selected, you will receive an email with all the venue details a week before the workshop.

The selection will be based on the answers to the survey questions asked during the registration process. Please answer these questions carefully here: https://forms.gle/41bYT3Lr339Ny9hJ6

Feel free to ping us in our official Telegram group here: https://t.me/joinchat/EtV5mxc6VBoY0bI3vJWElQ


The main aim of this session is to familiarize participants with the security features of the underlying Android platform and enable them to recommend suitable mitigations for common Android vulnerabilities. Through live demonstrations, participants will learn why these features matter and how their absence can lead to the exploitation of an Android application. Throughout this training, we will also introduce open-source/free tools to developers and security analysts to help them carry out successful and productive security evaluations. The following will be covered as part of the two-day training session.

Session 1: Pentesting Android Applications
- A crash course on Android application architecture, the permission model, APK file contents and setting up the emulator.
- Reverse Engineering Android Applications
- Breaking Insecure Crypto Implementation
- Attacking Android Webviews
- Exploiting Runtime
- Bypassing SSL Pinning (Using Automation Tool, Frida and Application Patching)

Session 2: Securing Android Applications
- Secure Crypto Implementation
- Android KeyStore Implementation
- Securing Android Webviews
- SafetyNet Implementation
- Application Signing

Prerequisites
- Laptop with 20+ GB free hard disk space and 4+ GB RAM.
- Windows 7/8/10, Ubuntu 12.x+ (64-bit operating system), macOS
- Android SDK, Genymotion installed or a rooted Android phone.
- Administrative access on your laptop with external USB allowed.

About the Presenters

Tony Thomas is a security professional with 3+ years of experience in the fields of web, mobile and network security, with his core competence being mobile security. He is currently working as a Senior Associate with PwC Singapore and has been an integral part of securing various infrastructures ranging from government organisations to independent private enterprises. Being OSCP certified, he has also conducted various penetration tests for critical and information-sensitive environments. He has also delivered training across India to both the development and security communities. His knowledge of secure coding practices has enabled him to perform secure code reviews on various applications to identify logical bugs and misconfigurations in them.

Shiv Sahni is currently working as a Security Engineer with Grab, Singapore. He is a contributor to the OWASP MSTG project and is also the author of a whitepaper titled 'The Grey Matter of Securing Android Applications'. He also worked as a guest lecturer for the 'Post-Graduation Diploma Cyber Security' (PGDCL) course at the University of Delhi. His credentials include OSCP, CREST-CRT, CREST-CPSA, ISO 27001-LA and a Gold Medal from the University of Delhi for outstanding academic performance. His research has identified multiple vulnerabilities in organizations including Microsoft, Intel, ING Bank, Sony, Stack Exchange, and AT&T, etc.