Join us for a fun journey through the steps we use as penetration testers to find vulnerabilities in Android applications. The talk will introduce the audience to testing environment creation, and demonstrate how to shorten the learning curve to in order to obtain meaningful results when performing mobile application security assessments. As part of the talk, we will provide a free mobile application that will contain vulnerabilities from the OWASP Mobile Top 10 that can be used to practice vulnerability discovery.

Derek has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host and network based monitoring solutions. Joff has 22+ years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has experience with intrusion detection and prevention systems, penetration testing, engineering network infrastructure defense, and software development. Joff co-hosts the Security Weekly podcast, and teaches SANS SEC573 - Automating Information Security with Python.

@joff_thyer, @0xderuke

Back to Derbycon 2018 video list