DEF CON 26: Where's my browser? Learn Hacking iOS and Android WebViews

Context Consultants David Turco and Jon Overgaard Christiansen will be giving a workshop at DEF CON 26 "Where's my browser? Learn Hacking iOS and Android WebViews".

Aug 09 2018
09 Aug 2018 09 Aug 2018 10:00 – 14:00
The LINQ Hotel & Casino 3535 South Las Vegas Boulevard, Las Vegas, NV 89109 Show Map

WebViews allow developers to embed HTML pages into mobile applications and their use is widespread, from merely displaying a simple help page to wrapping an entire website inside a mobile app. Developers now "control the browser" and things can go very wrong: a cross site scripting vulnerability can be catastrophic for a mobile application and result in the exfiltration of user's data stored on the device or in someone listening to user conversations.

The "Where's My Browser?" vulnerable-by-design mobile applications for Android and iOS have been written by the presenter as a teaching tool for hacking WebViews. The workshop covers the attack surface of Android and iOS WebViews and presents techniques and tools for identifying and exploiting those vulnerabilities. Attendees will practice their skills against the "Where's My Browser?" mobile apps. The source code of the applications will help students in recognizing common coding mistakes.

For more information and to register for the workshop, visit the DEF CON website.

CREST
CREST STAR
CHECK IT Health Check Service
CTAS - CESG Tailored Assurance Service
CBEST
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor