Save 40% on Coursera Plus Annual
Seven Deadly Sins of Mobile Application Development - Unlocking Mobile Hacking Vulnerabilities

Seven Deadly Sins of Mobile Application Development - Unlocking Mobile Hacking Vulnerabilities

OWASP Foundation via YouTube Direct link

Allowing repeat requests

10 of 15
Previous
Next

10 of 15

Allowing repeat requests

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Seven Deadly Sins of Mobile Application Development - Unlocking Mobile Hacking Vulnerabilities

Automatically move to the next video in the Classroom when playback concludes
  1. 1 Intro
  2. 2 Overview
  3. 3 Hacking Mobile Apps: WiFi Pineapple
  4. 4 Hacking Mobile Apps: The ideal setup
  5. 5 Hacking AMF: Raw traffic AMF is a binary format
  6. 6 Trusting the client
  7. 7 Not requiring encryption • Mobile traffic is easy to hijack & sniff . Most mobile apps are not using SSL - A gasp of horror is appropriate • Many of the ones that use SSL do it wrong!
  8. 8 Allowing lifetime sessions
  9. 9 Not keeping secrets • Session tokens/cookies are sent with each request - Easy to steal • Mobile app can store local data unlike web browser - Web browsers always send their cookies in each request
  10. 10 Allowing repeat requests
  11. 11 No curfew for requests As discussed, sessions last a long time • Individual requests allowed to stay out partying too long
  12. 12 Failing to prevent altered requests
  13. 13 Hacking Mobile Apps: Fantasy Football
  14. 14 Hacking Mobile Apps: Examples
  15. 15 Avoiding the 7 Deadly Sins

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.