In this episode, I speak with Nabeela Bukhari about mobile application security. Be sure to check out the resources linked below.
Nabeela is a senior security engineer primarily focused on app security and mobile app security. She holds a degree in Electronics Engineering and several certifications. Nabeela is also a volunteer with BBWIC and helps mentor women in their cybersecurity careers around the world.
Resources shared on the podcast:
https://mas.owasp.org/MASTG/ - MSTG Guide
https://owasp.org/www-project-mobile-top-10/ - OWASP TOP 10 Mobile
https://github.com/MobSF/Mobile-Security-Framework-MobSF - MobSF
Tools:
Frida - https://frida.re/
Objection - https://github.com/sensepost/objection/wiki/components
Drozer - https://github.com/WithSecureLabs/drozer
JADX-Gui - https://github.com/skylot/jadx
Vulnerable Android apps for learning:
InjuredAndroid
https://github.com/B3nac/InjuredAndroid
Walkthrough Video: https://www.youtube.com/watch?v=PMKnPaGWxtg
Google Play Link: https://play.google.com/store/apps/details?id=b3nac.injuredandroid
Android AppSec
CTF site: ctf.hpandro.raviramesh.info
Walkthrough Video: https://www.youtube.com/c/AndroidAppSec
Google Play Link: https://play.google.com/store/apps/details?id=com.hpandro.androidsecurity
Damn Vulnerable Bank
Link: https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Walkthrough Video: https://rewanthtammana.com/damn-vulnerable-bank/
Insecure Shop
Link: https://github.com/optiv/InsecureShop/releases/download/v1.0/InsecureShop.apk
GitHub: https://github.com/optiv/InsecureShop
Walkthrough Video: https://docs.insecureshopapp.com/
AndroGoat
Link: https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk
GitHub: https://github.com/satishpatnayak/AndroGoat
Walkthrough Video: https://medium.com/androgoat
Crackmes
Link: https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk
GitHub: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes/Android
Walkthrough: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes
InsecureBank
Link: https://github.com/dineshshetty/Android-InsecureBankv2/raw/master/InsecureBankv2.apk
GitHub: https://github.com/dineshshetty/Android-InsecureBankv2
Oversecured Vulnerable Android App
GitHub: https://github.com/oversecured/ovaa
Blog: https://blog.oversecured.com/
DIVA Android
GitHub: https://github.com/payatu/diva-android
Walkthrough: http://www.payatu.com/damn-insecure-and-vulnerable-app/
MSTG Hacking Playground
GitHub links: https://github.com/OWASP/MSTG-Hacking-Playground
https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App
https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Kotlin-App