Published Sep 24, 2020

Episode 427: Sven Schleier and Jeroen Willemsen on Mobile Application Security

Explore the complexities of mobile application security with Sven Schleier and Jeroen Willemsen as they discuss the risks of reverse engineering, the use of the OWASP MASVS (Mobile Application Security Verification Standard) and MSTG (Mobile Security Testing Guide), and the testing practices that strengthen app security and guard against likely threats.
Episode Highlights

  • Risks

    Reverse engineering of mobile apps poses significant security risks, as one of the guests highlights. He stresses how easily an application can be reverse-engineered, so developers must not store sensitive information in easily accessible locations such as shared configuration stores or plain-text files [1]. To mitigate these risks, teams should adopt a security standard and integrate it into their project management cycle, whether agile or waterfall [2].

    Developers must understand the underlying protocols rather than relying only on abstractions; that knowledge is what makes it possible to build effective security tests.

    Understanding these protocols lets developers implement security measures proactively instead of leaving them to external parties [3].

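    The storage risk above is easy to make concrete. The following Python script is an added example for this page, not code from the episode or from the OWASP MSTG project: it reads an Android SharedPreferences XML dump, the plain XML file an attacker obtains from a rooted device or an ADB backup, and flags entries that look like credentials stored in the clear. The sample XML, the key-name patterns and the thresholds are constructed for illustration; tune them for a real app.

```python
"""Flag plaintext credentials in an Android SharedPreferences dump.

Added example for this page; it is not code from the episode or from the
OWASP MSTG project. The sample XML, the key-name patterns and the thresholds
are constructed for illustration.
"""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of what `adb pull /data/data/<package>/shared_prefs/app.xml`
# yields on a rooted device or from an ADB backup. SharedPreferences is a plain
# XML file, so every value below is readable without any reverse engineering.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="api_token">sk_live_8Zk3Qp7vX2mN9rT4wB6yH1jL</string>
    <string name="theme">dark</string>
    <boolean name="onboarding_done" value="true" />
    <int name="launch_count" value="7" />
    <string name="session_cookie">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2ln</string>
</map>
"""

# Key names that usually hold credentials (hypothetical list; extend per app).
SECRET_KEY_HINTS = re.compile(
    r"(token|secret|passw(or)?d|pwd|api[_-]?key|cookie|session|credential|auth)",
    re.IGNORECASE,
)


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random keys score well above prose."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_shared_prefs(xml_text: str) -> dict:
    """Return {name: value} for a SharedPreferences <map>.

    <string> keeps its value as element text; <boolean>, <int>, <long> and
    <float> keep it in a `value` attribute.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "map":
        raise ValueError(f"expected <map> root, got <{root.tag}>")
    prefs = {}
    for child in root:
        name = child.get("name")
        if name is None:
            continue
        if child.tag == "string":
            prefs[name] = child.text or ""
        else:
            prefs[name] = child.get("value", "")
    return prefs


def find_plaintext_secrets(prefs: dict, min_len: int = 16, min_entropy: float = 3.5) -> list:
    """Return [(key, [reasons])] for entries that look like stored credentials.

    Two independent signals: a suspicious key name, and a long high-entropy
    value (API keys, JWTs and session identifiers look random; prose does not).
    """
    findings = []
    for key, value in prefs.items():
        reasons = []
        if SECRET_KEY_HINTS.search(key):
            reasons.append("key name suggests a credential")
        if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            reasons.append(f"high-entropy value ({shannon_entropy(value):.2f} bits/char)")
        if reasons:
            findings.append((key, reasons))
    return findings


if __name__ == "__main__":
    for key, reasons in find_plaintext_secrets(parse_shared_prefs(SAMPLE_PREFS)):
        print(f"{key}: {'; '.join(reasons)}")
```

    Run against the shared_prefs directory pulled from a test device, a check like this turns the storage rule into a regression test rather than a code-review reminder. Anything it flags belongs in platform-protected storage (Keystore-backed EncryptedSharedPreferences on Android, the Keychain on iOS) or, better, should not be persisted at all; the data-at-rest chapters of the MSTG cover the same check by hand.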

    Insights

    One of the guests provides insights into the tools and processes involved in reverse engineering. While reverse engineering is not typically part of a developer's skill set, resources such as the MSTG project offer detailed write-ups and point to tools such as IDA, Ghidra and Frida that help in understanding the process [4]. The availability of source code on platforms such as GitHub allows developers to experiment, fix issues and test their solutions, which supports hands-on learning [5].

    The hacking playground was created to demonstrate bad coding practices and to serve as a training ground for developers and security professionals.

    It is a practical tool for illustrating vulnerabilities and teaching best practices in mobile app security [6].
