
iGoat – A Self Learning Tool for iOS App Pentesting and Security

Swaroop Yermalkar


OWASP iGoat is an open source self-learning tool for iOS developers and mobile app pentesters. The best thing about iGoat is that it follows a client-server architecture and supports all iDevices, including iPad, iPhone and iPod, as well as the simulator on a MacBook, for iOS 8/9/10. It was inspired by the WebGoat project and follows a similar conceptual flow.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face and how to avoid them. It is made up of a series of lessons, each of which teaches a single (but vital) security lesson. The lessons are laid out in the following steps:

This talk is all about how iOS developers and security analysts can dive deep into iOS app security using the iGoat tool. It will start from setting up iGoat and go on to exploiting the latest vulnerabilities in an iOS app. I’ll also release a new version of iGoat with tons of new exercises at GSEC 2017 Singapore.

About Swaroop Yermalkar

Swaroop Yermalkar works as a Senior Security Engineer at Philips, where his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android and iOS applications.

He is the OWASP iGoat project leader (https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project) and the author of the popular iOS security book ‘Learning iOS Penetration Testing’, published by Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy) and Synack Inc.

He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions of the Pune and Bengaluru chapters. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored the book An Ethical Guide to Wi-Fi Hacking and Security.