Mobile Application Hardening: Protecting Business Critical Apps
Grant Douglas, Mobile Practice Director, Synopsys and Nikola Cucakovic, Senior Security Consultant, Synopsys
About this talk
Mobile application security isn’t always super exciting or challenging. But when it comes to application hardening, things get more interesting. These days, some types of applications go out of their way to defend themselves at runtime, including:
• Financial apps
• Multiplayer games
• Apps that feature DRM-protected content
• Apps with intellectual property
Such applications often attempt to protect themselves via internally developed controls, as well as commercial products.
During this talk, we’ll look at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll demonstrate analysis and techniques using free open source tooling such as Radare and Frida, and for some parts, we’ll use IDA Pro. And since “automation” is the buzzword of the year, we’ll discuss how to automate some of these activities, which typically take up most of the assessment window.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.…