Mobile App Security: From Reverse Engineering to Risk Based Decisions (MRB #75)

Description du talk
Let’s speak about mobile hardening and obfuscation tools, vulnerability scanning, multi-platform framework security, and reverse engineering.

Building on “Securing your mobile application, Lessons from Pentests (MRB #63),” we will show how protection mechanisms fit into a practical mobile security strategy.

Through live demos of reverse engineering and runtime analysis techniques used in real assessments, we will demonstrate how apps can be inspected and instrumented. We will also explore how frameworks like React Native, KMP/CMP, MAUI, and Flutter impact the attack surface and security architecture.

We will compare protection approaches, including code hardening, runtime defenses, and CI-based vulnerability scanning, and share lessons from a banking app project using Appdome and DexGuard or iXGuard.

Finally, we will introduce a risk-based framework to help teams decide how much security their app truly needs, connecting offensive insight, defensive tooling, and architectural decisions.

Speakers
Oussama Ghalbzouri - Mobile App Software Engineer @ Liip
Oussama Ghalbzouri is a Software Developer at Liip with 17 years of experience in software engineering. He previously spent more than five years in the banking sector in Luxembourg as a Solution Architect, where he worked extensively on e-banking platform security, application hardening strategies and architectural decision making.
In addition to hands on development and security initiatives, he is currently involved in ISO 27001 audit activities, contributing to compliance efforts and aligning technical implementations with broader information security requirements.

Langue du talk
Talk in French or English depending on the audience.