Where’s my browser? Learn Hacking iOS and Android WebViews

30 Jul 2018

Context Consultant David Turco and Jay Christiansen will be hosting a workshop at this year's DEF CON 26 conference in Las Vegas.

The workshop, titled "Where's my browser? Learn Hacking iOS and Android WebViews" will be held on Thursday the 9th of August, and will be led by Context Security Consultants David Turco and Jon Overgaard Christiansen. 

About the workshop:

WebViews allow developers to embed HTML pages into mobile applications and their use is widespread, from merely displaying a simple help page to wrapping an entire website inside a mobile app. Developers now "control the browser" and things can go very wrong: a cross site scripting vulnerability can be catastrophic for a mobile application and result in the exfiltration of user's data stored on the device or in someone listening to user conversations.

The "Where's My Browser?" vulnerable-by-design mobile applications for Android and iOS have been written by the presenter as a teaching tool for hacking WebViews. The workshop covers the attack surface of Android and iOS WebViews and presents techniques and tools for identifying and exploiting those vulnerabilities. Attendees will practice their skills against the "Where's My Browser?" mobile apps. The source code of the applications will help students in recognizing common coding mistakes.

For more information, or to register for the worshop, visit the DEF CON website.

CHECK IT Health Check Service
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA