Abstract

iOS has become one of the most popular mobile operating systems, with more than 1.4 million apps available in the iOS App Store. A security weakness in any of these applications or in the system itself could allow an attacker to gain access to the device and retrieve sensitive information. This training will show you how to conduct a wide range of penetration tests on iOS applications to uncover vulnerabilities and strengthen the system against attacks.

This 6+ hour session will help you conduct end-to-end pentesting of iOS applications and understand the security measures that need to be taken. The training also includes a CTF challenge where attendees will use the skills learnt in the session. To attend this hands-on session, all you have to do is bring your MacBook with Xcode installed on it.

HARDWARE AND SOFTWARE REQUIREMENTS/WHAT TO BRING (MUST)
* MacBook with root permission and Xcode installed
  or iPhone / iPad / iPod (jailbroken / non-jailbroken)

PRE-REQUISITE
* Basic familiarity with iOS usage, installing / uninstalling apps
* Basic knowledge of Application Security
* Basics of terminal / Linux commands

WHO SHOULD ATTEND
* Security Professionals
* Mobile Application Pentesters
* iOS Application Developers
* Security Architects
* People interested in getting started with iOS security

Speaker

Swaroop Yermalkar

Swaroop Yermalkar works as a Security Engineer, and his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android and iOS applications.

He is the OWASP iGoat Project leader (https://www.owasp.org/index.php/OWASPiGoatTool_Project) and the author of the popular iOS security book ‘Learning iOS Penetration Testing’, published by Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy) and Synack.inc.

He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune and Bengaluru chapters. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.

Timing

Starts on Saturday, May 27, 2017, at 09:30 AM. The session runs for about 8 hours.

Resources