The Windows Phone Freakshow is coming to town! Attendees will enjoy a great show of genuine (i.e. real world) and unique (i.e. previously undisclosed) exemplars of “freak code” in Windows Phone apps.
During the talk, we will present a showcase of vulnerable code examples collected during our recent contribution to the new OWASP Mobile Top 10 for 2015. Each identified vulnerability will be mapped to the corresponding OWASP Top 10 entry, and a detailed discussion of the bugs, including exploitation demos and strategies for effectively solving the issues, will be provided as well.
The talk will thus introduce the most complete and accurate public catalog of insecure usage of Windows Phone SDK APIs, a precious resource for code reviewers, penetration testers and developers targeting Microsoft’s mobile platform.