In this workshop, developers will dive deep into the world of Android debugging using Frida. While well known to the security community, Frida is often overlooked as a powerful dynamic instrumentation toolkit that can aid in debugging. Whether you don’t have access to the source code, you’re looking to inspect network calls, or you’re receiving a security report to triage, Frida offers developers the ability to inspect, modify, and interact with running applications in real-time.

Throughout the workshop, participants will start with an introduction to Frida's core concepts and features. From there, they'll dig into several practical exercises, learning how to set up Frida on their development environment, perform dynamic analysis of Android applications, and even leverage Frida's extensive API to help validate a security finding.

Key topics covered in the workshop include:

Introduction to Frida: What is it and how do you set it up?

Scripting with Frida: Learning how to write a basic Frida script to automate common tasks.

Application Security Testing: Leveraging Frida for dynamic analysis of network traffic and bypassing security controls.

Real-World Scenarios: Applying Frida to validate a security finding coming from automated SAST or DAST tools.

By the end of the workshop, participants will have gained a baseline understanding of Frida's capabilities and how to effectively integrate it into their Android debugging toolkit. They’ll also walk away with additional resources for Frida training. Whether you're a seasoned developer or new to mobile application security, this workshop promises to add a new tool to your toolkit and bridge the gap between developers and security professionals.