In this episode, I speak with Nabeela Bukhari about mobile application security. Be sure to check out the resources linked below.
Nabeela is a senior security engineer primarily focused on app security and mobile app security. She holds a degree in Electronics Engineering and several certifications. Nabeela is also a volunteer with BBWIC and helps mentor women in their cybersecurity careers around the world.
Resources shared on the podcast:
https://mas.owasp.org/MASTG/ - MSTG Guide
https://owasp.org/www-project-mobile-top-10/ - OWASP TOP 10 Mobile
https://github.com/MobSF/Mobile-Security-Framework-MobSF - MobSF
Tools:
Frida - https://frida.re/
Objection - https://github.com/sensepost/objection/wiki/components
Drozer - https://github.com/WithSecureLabs/drozer
JADX-Gui - https://github.com/skylot/jadx
Vulnerable Android apps for learning:
InjuredAndroid
https://github.com/B3nac/InjuredAndroid
Walkthrough Video: https://www.youtube.com/watch?v=PMKnPaGWxtg
Google Play Link: https://play.google.com/store/apps/details?id=b3nac.injuredandroid
Android AppSec
CTF site: ctf.hpandro.raviramesh.info
Walkthrough Video: https://www.youtube.com/c/AndroidAppSec
Google Play Link: https://play.google.com/store/apps/details?id=com.hpandro.androidsecurity
Damn Vulnerable Bank
Link: https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Walkthrough Video: https://rewanthtammana.com/damn-vulnerable-bank/
Insecure Shop
Link: https://github.com/optiv/InsecureShop/releases/download/v1.0/InsecureShop.apk
GitHub: https://github.com/optiv/InsecureShop
Walkthrough Video: https://docs.insecureshopapp.com/
AndroGoat
Link: https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk
GitHub: https://github.com/satishpatnayak/AndroGoat
Walkthrough Video: https://medium.com/androgoat
Crackmes
Link: https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk
GitHub: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/Android
Walkthrough: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes
InsecureBank
Link: https://github.com/dineshshetty/Android-InsecureBankv2/raw/master/InsecureBankv2.apk
GitHub: https://github.com/dineshshetty/Android-InsecureBankv2
Oversecured Vulnerable Android App
GitHub: https://github.com/oversecured/ovaa
Blog: https://blog.oversecured.com/
DIVA Android
GitHub: https://github.com/payatu/diva-android
Walkthrough: http://www.payatu.com/damn-insecure-and-vulnerable-app/
MSTG Hacking Playground
GitHub links: https://github.com/OWASP/MSTG-Hacking-Playground
https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App
https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Kotlin-App
Ask me a Question Here: https://topmate.io/ken_underhill
Get better at job interviews and build your confidence with this short course.