WEBVTT

00:00.390 --> 00:06.960
So there are many vulnerable mobile apps that intentionally contain vulnerabilities, right?

00:07.500 --> 00:13.440
Their purpose is to enable security professionals like you and me to test their tools and techniques

00:13.680 --> 00:14.300
legally.

00:14.970 --> 00:21.960
So that helps developers better understand the common pitfalls in developing mobile apps securely.

00:22.230 --> 00:22.550
Right.

00:23.840 --> 00:29.690
So throughout the course we'll be using this app called InsecureBankv2.

00:30.940 --> 00:40.240
We'll also use the Damn Vulnerable Hybrid Mobile App and the CyberTruck Challenge; well, this will help us practice

00:40.240 --> 00:43.060
and enhance our hacking skills.

00:43.980 --> 00:46.500
So we'll start with the insecure bank application.

00:47.880 --> 00:49.920
So it contains the following flaws.

00:51.090 --> 00:52.890
Insecure login mechanism.

00:53.990 --> 00:56.420
Hidden button in the login mechanism.

00:57.610 --> 01:03.370
Developer login, insecure data storage, debug mode enabled.

01:04.310 --> 01:13.940
Backup mode enabled, insecure logging, root detection bypass, insecure WebView implementation.

01:14.940 --> 01:20.250
Android pasteboard vulnerability, Android keyboard vulnerability.

01:21.550 --> 01:24.370
Insecure HTTP connections.

01:25.680 --> 01:29.520
Parameter manipulation, user enumeration.

01:30.690 --> 01:39.150
I mean, you see, so this is great. We'll perform our tests by dividing them into two main topics: static

01:39.150 --> 01:41.790
analysis and dynamic analysis.

01:42.990 --> 01:48.870
So the static analysis is a testing methodology that analyzes source code to find security vulnerabilities

01:48.870 --> 01:53.400
that make your organisation's applications susceptible to attack.

01:54.760 --> 02:01.170
Dynamic analysis is the testing and evaluation of a program by executing data in real time.

02:02.540 --> 02:08.900
The objective there is to find errors in a program while it's running rather than by repeatedly examining

02:08.900 --> 02:09.900
the code off-line.

02:11.570 --> 02:13.390
So it kind of gets me excited.

02:13.400 --> 02:17.510
And if you're excited too, let's start statically analyzing these vulnerabilities.
