New Mobile Security Course and ExploitMe Mobile

At Security Compass, we have been working hard to expand our training offerings. We’re most excited about our new Mobile Hacking and Security course. If your organization is working with mobile applications, this course is a fantastic primer on how mobile apps can be hacked and how your teams can defend against these software defects. We’ll also teach your staff some insightful concepts on how best to protect your mobile applications and, best of all, we’ve created hands-on Mobile Labs that your staff can test their learning on. They’ll learn how attackers break mobile apps, what insecure source code looks like, and how to fix such issues!

Speaking of the labs, we want to do our part to give back to the AppSec community so we’re going to open source our lab component!

ExploitMe Mobile will be an open source project (using the BSD License) that any of you can contribute to. Being appsec professionals, we have focused our labs on understanding both the insecure aspects of mobile coding and how to build a more secure version. The great thing is that we have versions of our app for both Android and iPhone, two of the leading mobile operating systems at the moment.

Our labs will allow you to learn mobile security through an insecure application. The app contains the following issues:

  • Parameter manipulation of traffic
  • Insecure communications
  • Weak password lock screens
  • Insecure memory management
  • Weak file system permissions
  • Insecure storage of files
  • Insecure logging of information

We’ve published our Labs and quick guides as to how to install the labs onto your iPhone or Android devices/emulators:

Please give it a shot and let us know how you like it. You can message me on Twitter @oliverseccom and I’ll try to help with any questions you may have!
