I also tweet a lot about this, so you can find me on Twitter I retweet a lot of accounts that have to do anything with security on mobile applications and that's for both iOS and Android, but I tweet a lot about that. There are different topics, there are different researches that I've done in the past, so you can check the blog post there. I do a lot of research around mobile applications, like I said, iOS, and I published most of my research on my blog, which is ivrodriguez,com, so you can check it out. Then I moved into security because it's not crowded, there's no many people doing this, and I was interested to earn money because of that. I specialize in mobile applications and specifically on iOS and that is because I was an iOS developer for a long time. Who I am? My name is Ivan Rodriguez, I'm a software engineer and security researcher. Literally, disclaimer, all that I talk about here, it's my opinion, it's my views, and they do not reflect those of my employer. I wish we could talk about more, but it's going to take a long time and this is how the journey started. I found the same vulnerabilities in very different applications and we're going to talk about four of them. I was checking different applications, there are a bunch of companies that provide a public bug bounty, where they tell you, "Ok, here's my mobile application, please just check it and if you find something, we're going to pay you money for it." During this year, I found that many apps are making the same mistakes over and over. With this, since then, I started doing this on a daily basis. I don't know if you can see that, but they awarded like $2,000 for this and they invited me to their private program where they would pass me their application before it would hit the app store so that I can check them beforehand. With this, an attacker will be able to login into third party servers and query their database and anyone who download download this application could just reuse this credentials and login as that. They have embed some user credentials and their mobile application. Rodriguez: Almost a year ago, on November 14th of last year, I submitted a vulnerability to a company that had a crypto wallet.
0 kommentar(er)
