Overview: This workshop is the (very) short iOS version of a 3-day training dedicated to learning the basics needed to assess the security of iOS mobile applications.
Davy Douhine (ddouhine) will share many techniques, tips and tricks with pentesters, bug bounty researchers, app makers or anyone just curious, in a 100% hands-on iOS workshop. The goals are:
- Understand iOS basics and the OWASP Mobile Security Testing Guide
- Learn how to use the common tools (Cydia Impactor, Hopper, rvictl, rvi_capture, Frida and Objection) in order to assess iOS applications
- Practice solving the iGoat and DVIA challenges
Agenda: This 2-hour workshop is divided into 4 main parts:
- OWASP Mobile Security Testing Guide project:
  - The Guide
  - The Standard
  - The Checklist
  - The TOP10
- Set up your environment: presentation of the tools used during this workshop
- Practical exercises
  - Static Analysis (2 labs)
  - Data Security (3 labs)
  - Execution Analysis (2 labs)
  - Transport Security (1 lab)
Prerequisites:
- If possible, an iOS device.
- Download a specially crafted virtual machine (based on Kali). The link will be emailed *to attendees only* a few days before the workshop.
- A laptop with 30 Gb of free space.
- Download and install VMware Workstation Player 16 (DO NOT use VirtualBox):
https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html