Creating content session

Track: OWASP Mobile Security Testing Guide
When: Mon, Tue, Wed, Thu, Fri
Organizers Jeroen Willemsen Jeroen Willemsen
Participants Jeroen Willemsen, Sven Schleier (remote) , Jeroen Willemsen Jeroen Willemsen

Welcome to the Owasp Mobile Security Testing Guide Content pressure cook!

Why

Ever since iOS 12 and Android 89 came out, a lot of security fixes have been added by the vendors! This means new parameters that need explaining (AND VERIFICATION ;-)). So we need to start hacking on our mobile devices, learn from them and update / fix the issues! Next to that, are tons of other issues that are still not explained in the MSTG. Are you interested in the kind of content we need to work on during these days? Check https://github.com/OWASP/owasp-mstg/issues and our project page https://github.com/OWASP/owasp-mstg/projects/2.

Next, the OMTG playground and the iOS crackme’s really needs some TLC, so we need to update them, so it runs on Android 9 as well!

What

  • Fix issues mentioned in https://github.com/OWASP/owasp-mstg/issues and update the iOS materials as well.
  • Fix the OMTG (and automate the builds, similar to the crackmes)
  • Fix the iOS Crackme’s (fix lvl2 and create lvl3)

Who

The target audience for this Working Session is:

  • iOS developers
  • Android developers
  • Penetration Testers

Everyone else who is interested in mobile security and some technical know-how :-)

Outcomes

An updated iOS and Android chapter in the MSTG that covers the latest security changes in iOS 1112 and Android O/P. The MSTG is hosted in Github and can easily be edited by anyone, just a Github account is needed and knowledge on how to create a pull request.

Who

Anybody who wants to join the Mobile Security project and learn or share knowledge about mobile security in applications for iOS and Android: - Developers - Pentesters - Security engineers

References

Workflow for MSTG contributions via Github Android Security Android Oreo iOS Security Whitepaper

Register as participant

To register as participant add Creating content session to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions