COMMSEC: Chaining Up Mobile and Web Vulnerabilities to Take Control Over an Application

This talk will be live streamed on the HITBSecConf YouTube channel.


Mobile and Web applications play a vital role in every modern organization. An organization that does not properly secure its web and mobile apps may be vulnerable to attacks. This can lead to damage to business functionality, data breaches and economic loss.

Most organizations have protection against common Web and Mobile vulnerabilities, and finding one vulnerability is usually not enough to take over an application. In this presentation we will demonstrate how we chained the multiple vulnerabilities we found into a working full-chain exploit to gain control over users’ accounts.

Using our latest research as an example, we will show how to take a few small vulnerabilities in a Web application and put them together with vulnerabilities in a Mobile application to exploit accounts in a major tech company.

COMMSEC TRACK
Location: Track 4 / CommSec
Date: April 23, 2020
Time: 3:00 pm - 3:30 pm
Roman Zaikin, Dikla Barda