Are you interested in how to conduct a security analysis of a complex mobile application? Maybe reducing the effort without sacrificing the quality of the job? Great, you are in the right place! In this session, presented by DevSecCon Italy's chapter leader, Alessandro Braccio, and Federico Dotta, Principal Security Analyst, we will analyze an Android mobile application with strong security features and bypass all of them using Frida, Burp Suite and the Brida plugin. The talk will be highly technical, giving you an insight into how a similar task should be approached and how difficulties can be overcome, or even better, skipped! We will work on a live demo of this complex scenario, bypassing all the in-place crypto protections of the traffic, in order to be able to comfortably find (and then exploit) vulnerabilities in the backend. Finally, we will show Brida, a tool developed with a colleague of mine, and its approach to this kind of problem, aimed at minimising the reversing and development effort and leaving more time for the juicy things!
** This event was held in Italian **