This year our senior Security Engineer, Daniel, held a mobile security workshop showing how weak are mobile applications that do not take into consideration the most basic security principles.
The workshop was held in the office of Evozon Systems a software development company from Cluj-Napoca, that invests a lot of effort in the security of their products which together with the members of OWASP Cluj-Napoca decided to offer this one day training to anyone interested in cyber security.
In the workshop, Daniel offered a complete hands-on experience, where the participants went through the most common mobile application vulnerabilities such as:
M1: Improper Platform Usage
M2: Insecure Data Storage
M3: Insecure Communication
M4: Insecure Authentication
M5: Insufficient Cryptography
M6: Insecure Authorization
M7: Client Code Quality
M8: Code Tampering
M9: Reverse Engineering
M10: Extraneous Functionality
What Daniel remarked during the workshop:
The audience was great, with huge interest in security so I consider the training a real success. There is an immense interest in mobile security, but very few professionals out there that really understand how mobile security works so giving back to the community is something that we should do more often. Many thanks to Evozon and OWASP Cluj for organizing this event.
CT Defense offers multiple training programs for all audiences from developers to testers, managers or even future security professionals.
In parallel with the workshop, Andrei our other senior pentester discussed with managers about the Future of Cyber Security, GDPR and all the opportunities that will come, in the future for companies.