
Chapter

Dynamic Analysis of Complex Mobile Applications

with Alessandro Braccio, Federico Dotta

Description:

Are you interested in how to conduct a security analysis on a complex mobile application? Maybe reducing the effort without sacrificing the quality of the job? Great, you are in the right place! In this session, DevSecCon Italy chapter leader Alessandro Braccio and Federico Dotta, Principal Security Analyst, will analyze an Android mobile application with strong security features and will bypass all of them using Frida, Burp Suite and the Brida plugin. The talk will be highly technical, giving you insight into how a similar task should be approached and how difficulties can be overcome or, even better, skipped! We will work on a live demo of this complex scenario, bypassing all the in-place crypto protections of the traffic, in order to be able to comfortably find (and then exploit) vulnerabilities in the backend. Finally, we will show Brida, a tool developed with a colleague of mine, and its approach to this kind of problem, aimed at minimising the reversing and developing effort and having more time for the juicy things!

** This event was held in Italian **

 


Alessandro Braccio

Senior Security Engineer at Arduino

About Alessandro Braccio

Alessandro Braccio is passionate about Product Security, with a particular focus on the Application and Cloud Security field. His interests and expertise stem from DevSecOps, Cloud Security, IoT Security, OWASP Methodologies, Full-Stack Development and more! Over the last decade, he has worked as a Security Consultant, Security Engineer, Penetration Tester, Security Trainer and Full Stack Developer in a variety of companies and sectors. Currently, Alessandro works as a Senior Security Engineer at Arduino.

Federico Dotta

Principal Security Analyst at HN Security

About Federico Dotta

Federico Dotta is a Principal Security Analyst at HN Security, an Italian Security Advisory Company. He began his career as a penetration tester in 2009, focusing on Web and Mobile applications and on physical security. He has developed many security tools, most of them publicly available on GitHub, with the purpose of helping ethical hackers handle complex situations. He has presented the results of his research at Italian and international conferences, like HackInBo, Hack In The Box and Hack In Paris.
