
Pentesting Swift Application with OWASP iGoat

Swaroop Yermalkar at AppSec USA 2018

As enterprises move their iOS development from Objective-C to Swift, it has become essential to acquire the skills required to perform penetration tests and security audits of such applications. If you work as a Product Security Engineer or Bug Bounty hunter, it's important to know how to pentest Swift applications.

Considering such requirements, we're releasing a brand new version of OWASP iGoat in Swift. There are certain differences between pentesting Swift applications and pentesting Objective-C applications.

This talk is all about how you can find security loopholes in Swift applications and how, as a developer, you can defend against them. It will help you learn iOS Swift app pentesting from the basics to an advanced level using the OWASP iGoat project.

This talk will discuss recent case studies of critical findings in iOS apps (Swift) and also help to address important issues such as encryption key management and code obfuscation, along with the OWASP Top 10. We will release the major version of OWASP iGoat (Swift) at AppSec USA 2018.

Project code: https://github.com/OWASP/iGoat-Swift

Technology stack: Swift 4, Ruby

Speaker

Swaroop Yermalkar
Senior Security Engineer, Lithium
Swaroop Yermalkar works as Sr Security Engineer at Lithium with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition, he has authored the popular book “Learning iOS Pentesting” (https://goo.gl/T8jvjJ) and leads an open source project - OWASP.