-
Adventures in Exploiting WebViews for Android Attacks 33 min
-
Course Feedback
Adventures in Exploiting WebViews for Android Attacks
Learn more about exploiting WebViews for attacks.
Many mobile apps use WebViews to load and display web content directly within the app. However, WebViews expand the threat vector and attackers can exploit them to steal user credentials or launch phishing campaigns.
NowSecure Senior Mobile Application Penetration Tester David Mockler will lead a hands-on tutorial on exploiting WebViews using the Frida dynamic instrumentation toolkit.
This session will cover the following:
- How to analyze a common Android WebView implementation to pinpoint vulnerabilities
- What common mobile pen testing tools you need to test the sample app
- How to exploit WebViews performing URL redirect, cross-site scripting and code execution