OWASP Meeting in Krakow
Long time, no see ;) but we are coming back and we can promise that our meetings in Krakow will be more regular and even more interesting.
As usual, we have something for builders and something for breakers. First, Julio Fort will talk about dangerous URI handlers, and during the second presentation Wojtek Reguła will show security features and tools that will help you build (or test) iOS apps.
Please RSVP, save the date and spread the word!
1. URI handlers: the forgotten attack surface (Julio Fort)
Custom protocol handlers make it easy for a web page or an instant messenger to seamlessly interact with or spawn other installed apps. However, user-friendliness and convenience can sometimes open avenues for attacks.
We are all used to clicking on mailto:// or torrent:// links but rarely give a second thought to whether they can be leveraged by an attacker for malicious purposes.
This presentation will briefly explore some recent vulnerabilities affecting URI handlers, describe how common attacks work and what you can do to find these bugs yourself.
Julio is a Brazilian-born, Poland-based computer security enthusiast. He currently works as director of services at Blaze Information Security.
2. Building & Hacking Modern iOS Apps (Wojtek Reguła)
This talk will cover the most important milestones in reaching secure iOS/macOS apps. I’m going to show you how to develop modern & secure iOS/macOS apps using new security features presented at Apple’s latest Worldwide Developers Conference. Hackers will be satisfied as well, since I’m also going to cover the pen tester’s perspective. What’s more, I will share with you details of multiple vulnerabilities that I've found during security assessments and my research of Apple’s applications.
Wojtek is an IT Senior Security Specialist employed at SecuRing. He is professionally responsible for web and mobile security testing with particular emphasis on iOS. He is also a creator of iOS Security Suite, an open-source anti-tampering framework. Recently he has also been interested in macOS app security. In his free time he runs an infosec blog: https://wojciechregula.blog.