Speaker

Tomáš Soukal

Security Consultant @ Talsec

Brno, Czechia

I am Tomáš Soukal and my daily bread and butter is explaining the mobile security concepts related to RASP technology.

Area of Expertise

  • Information & Communications Technology

Topics

  • Mobile Development
  • Software Development
  • Android Software Development
  • Developing Android Apps
  • iOS Software Development
  • Modern Software Development
  • Developer Relations
  • App Development
  • Backend Development
  • mobile app development
  • Android Development
  • REST API
  • api
  • Security
  • Application Security
  • cyber security
  • Cyber Security basics
  • Reverse Engineering
  • Hacking
  • Flutter

Hacking and protection of Mobile Apps and backend APIs. Threat modeling exercise.

You should attend this talk if you want to know how mobile apps & APIs are being hacked and what you need to do to protect them. We will explore large-scale attacks targeting backend APIs like botnets, fake registrations, and token hijacking. Whether you're a developer, security professional, or anyone invested in securing mobile applications, this talk equips you with practical insights and proactive measures to safeguard against evolving cyber threats. The talk is aligned with current OWASP MAS practices, focusing on architecture, resiliency, network, and storage areas. Join to stay ahead in protecting your digital assets.

How to Steal a JWT and How to Protect From It

I will show you how a JWT can be stolen from within your app and used for user impersonation, billing fraud, fake registrations, and other API attacks. You will learn that TOFU is not only food and that there are various ways to establish secure E2E communication, like WAAP and certificate pinning. Device & App Integrity Proof for backends is the name of the game.

You should attend this talk if you want to know how to hack an Android app and its API and how to protect it from the modern reverse engineering techniques and malware that hackers use.

You will learn the following:
- How to clone the app and inject malicious code
- How to prepare the app's clone for JWT harvesting
- How to check the integrity of a device and app dynamically with RASP
- How to defend the app's API by certificate pinning and WAAP
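As an added illustration of the backend side of this outline (a stolen JWT replayed from a cloned app, and an integrity proof the backend can check), the following self-contained Python example is not the speaker's code and is not from the talk. It assumes a simplified form of sender-constrained tokens: at enrollment the backend learns a per-device secret (standing in for the attestation step), the JWT carries a `cnf` claim naming that device, and every API call must carry an HMAC proof over the request that only the enrolled device can compute. The secrets, claim layout and `handle_request` interface are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secrets; a real backend keeps these in a KMS/HSM.
SIGNING_SECRET = b"backend-jwt-signing-secret"
# Per-device secrets the backend learned at enrollment (after a device/app
# integrity check). A cloned app running elsewhere never holds one.
DEVICE_SECRETS = {"device-A": b"device-A-secret-from-enrollment"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(sub: str, device_id: str, ttl_s: int = 300, now: Optional[float] = None) -> str:
    """Issue a short-lived HS256 JWT whose cnf claim binds it to an enrolled device."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "cnf": {"device_id": device_id},
              "iat": int(now), "exp": int(now) + ttl_s}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature, algorithm and expiry check out, else None."""
    try:
        h, c, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":  # refuse alg confusion ("none", RS256 swap)
            return None
        expected = hmac.new(SIGNING_SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(c))
    except ValueError:  # bad base64, bad JSON, wrong number of segments
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


def device_proof(device_secret: bytes, token: str, method: str, path: str, nonce: str) -> str:
    """Client side: proof of possession over this exact request and token."""
    msg = "|".join([method, path, nonce, hashlib.sha256(token.encode()).hexdigest()]).encode()
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()


def handle_request(token: str, method: str, path: str, nonce: str, proof: str,
                   now: Optional[float] = None) -> Tuple[int, str]:
    """Backend side: a valid JWT alone is not enough; the bound device must prove itself."""
    claims = verify_jwt(token, now)
    if claims is None:
        return 401, "invalid or expired token"
    device_id = claims.get("cnf", {}).get("device_id")
    secret = DEVICE_SECRETS.get(device_id)
    if secret is None:
        return 401, "token not bound to an enrolled device"
    # A production backend also rejects reused nonces (replay) and stale timestamps.
    if not hmac.compare_digest(device_proof(secret, token, method, path, nonce), proof):
        return 401, "device proof mismatch: token replayed from another client?"
    return 200, "ok " + claims["sub"]


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_jwt("alice", "device-A", now=t0)
    good = device_proof(DEVICE_SECRETS["device-A"], tok, "GET", "/v1/me", "nonce-1")
    print(handle_request(tok, "GET", "/v1/me", "nonce-1", good, now=t0 + 10))
    # The attacker harvested `tok` from the app but has no enrolled device secret.
    forged = device_proof(b"guess", tok, "GET", "/v1/me", "nonce-1")
    print(handle_request(tok, "GET", "/v1/me", "nonce-1", forged, now=t0 + 10))
```

The point the example makes is the one the outline ends on: once a token is harvested from the app, signature validation and short expiry only narrow the window, while binding the token to a device-side secret established after an integrity check turns a stolen bearer token into something the attacker cannot use on its own.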

How to Hack & Protect Flutter Apps

You should attend this talk if you want to know how a mobile Flutter app can be hacked and how you can protect it from the modern reverse engineering techniques and malware used by hackers. As a bonus, you will also learn how to protect the backend from API abuse like botnets, fake registrations, and token hijacking. The talk is aligned with current OWASP MAS practices with a focus on resiliency, network and storage areas.

You will learn the following:
- How to disassemble an app and extract its secrets
- How to inject malicious code or clone the app
- How to steal authentication tokens
- How to defend the app's API calls
- How to protect against all these attacks

Fluttercon Europe 2024 Sessionize Event

July 2024 Berlin, Germany

droidcon Berlin 2023 Sessionize Event

July 2023 Berlin, Germany

Fluttercon 2023 Sessionize Event

July 2023 Berlin, Germany

Flutter Heroes 2023 Sessionize Event

February 2023 Turin, Italy
