At Security Compass, we have been working hard to expand our training offerings. We’re most excited about our new Mobile Hacking and Security course. If your organization is working with mobile applications, this course is a fantastic primer on how mobile apps can be hacked and how your teams can defend against these software defects. We’ll also teach your staff how best to protect your mobile applications and, best of all, we’ve created hands-on Mobile Labs where your staff can test what they have learned. They’ll see how attackers break mobile apps, what insecure source code looks like, and how to fix such issues!
Speaking of the labs, we want to do our part to give back to the AppSec community, so we’re going to open source our lab component!
ExploitMe Mobile will be an open source project (using the BSD License) that any of you can contribute to. As appsec professionals, we have focused our labs on understanding both the insecure side of mobile coding and how to build a more secure version. The great thing is that we have versions of our app for both Android and iPhone, two of the leading mobile operating systems at the moment.
Our labs will allow you to learn mobile security through an insecure application. The app contains the following issues:
- Parameter manipulation of traffic
- Insecure communications
- Weak password lock screens
- Insecure memory management
- Weak file system permissions
- Insecure storage of files
- Insecure logging of information
We’ve published our Labs, along with quick guides on how to install them onto your iPhone or Android devices/emulators:
- LabServer (GitHub) — the main backend server the mobile apps will talk to
- ExploitMe Mobile AndroidLabs — GitHub source
- ExploitMe Mobile iPhoneLabs — GitHub source
Please give it a shot and let us know how you like it. You can message me on Twitter @oliverseccom and I’ll try to help with any questions you may have!