Ajin Abraham, profile picture
Uploaded byAjin Abraham
PDF, PPTX70,661 views

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile Security Framework (MobSF)

The document discusses the Mobile Security Framework (MobSF), an open-source tool for automated security testing of mobile applications. It covers features such as static and dynamic analysis, web API fuzzing, and identifies common vulnerabilities like SSL bypass and insecure direct object references. The presentation highlights challenges in mobile app security testing and introduces upcoming features like a Windows app security analyzer and enhanced API vulnerability detection.

Mobileâ—¦
Related topics:
Mobile Security Insights•

Embed presentation

Download as PDF, PPTX
Ajin Abraham Automated Mobile Application Security Testing with Mobile Security Framework
About Me !   Security Consultant @ Yodlee !   Security Engineering @ IMMUNIO !   Next Gen Runtime Application Self Protection (RASP) !   Author of OWASP Xenotix XSS Exploit Framework, Mobile Security Framework. !   Teach Security via https://opsecx.com !   Blog about Security: http://opensecurity.in
The Takeaways !   A FREE and Open Source Security Tool for Mobile App Security Assessment. !   Mobile App Pentesters/Mobile Malware Analysts - How to make your job easier with MobSF. !   Developers – Build secure mobile Apps identifying vulnerabilities at all stages of development. (SDLC Integration) !   Web Pentesters – REST API Fuzzer capable of detecting vulnerabilities like SSRF, XXE, IDOR etc.
Agenda !   What is MobSF? !   MobSF Architecture !   Static Analyzer !   Dynamic Analyzer !   Web API Fuzzer !   Static Analysis !   Static Analysis & some Statistics !   Top Indian Bank Mobile Apps !   Top Indian Wallet Mobile Apps !   Observations !   Dynamic Analysis !   Dynamic SSL Testing !   Exported Activity Tester !   Challenges in Dynamic Analysis !   Dynamic Analysis on Custom VM/ Rooted Android Device. !   Web API Fuzzer !   Vulnerabilities API Fuzzer detects. !   Explains the API Fuzzer Logic. !   Conclusion
What is MobSF? Mobile Security Framework is an open source mobile application (Android/iOS) automated pentesting framework capable of performing end to end security testing of mobile Apps. Android iOS
Hosted in your environment. Your application and data is never send to the cloud.
MobSF Architecture
Static Analyzer Mobile Security Framework INPUT OUTPUT REPORT
Demo Static Analysis & Report Generation (Diva)
Static Analysis & Some Statistics !   Static Analysis on Top Financial Apps - Criteria !   SSL bypass in Native Code !   SSL bypass in WebView !   Remote Web View Debugging !   Hardcoded Secrets
Top Indian Bank Apps Analyzed
Face palm
Top Indian Wallet Apps Analyzed
Observations !   State of Mobile App Security, Not evolved as Web Security. !   Most common issue is SSL Bypass in (Both Native Code and WebView) !   SSL Error bypassed in WebViews are really really bad.
Real-world Exploitation
Dynamic Analyzer Mobile Security Framework INPUT Android VM Or Android Device REPORT OUTPUT
Dynamic Analyzer - Architecture Dynamic Analyzer AGENTS Install and Run APK HTTP(S) Proxy Invoke Agents in VM Results HTTP(S) Traffic Android VM/Device Application Data Agent Collected Information Start HTTP(S) Web Proxy
DEMO (LOCX)
Dynamic SSL Testing !   Dynamically verify if SSL connections are securely implemented. !   Disable JustTrustMe and Remove MobSF Root CA. !   If you can still access the decrypted HTTPS Web Traffic then that means the app is bypassing SSL errors.
Exported Activity Tester !   Android Exported Activities. DEMO
Challenges in Dynamic Analysis !   Some Android Apps are built with security in mind. !  Anti VM Detection !  Anti Root Detection !  Anti MITM with Certificate Pinning. !  Some Apps / Malwares have sophisticated methods to detect Virtual Machines.
How to deal with these Challenges !   API overriding with Xposed Framework !  Anti VM Detection Bypass –> Android Blue Pill !  Anti Root Detection Bypass -> RootCloak !  Anti MITM Certificate Pinning Bypass -> JustTrustMe !   APK smali Patching. !   For sophisticated apps and malware, Use a real device for dynamic analysis.
Dynamic Analysis on Device ! MobSFy Script – Convert your VM/ Device to support MobSF Dynamic Analysis !   Documentation here: https://github.com/ajinabraham/Mobile-Security-Framework- MobSF/wiki/2.-Configure-MobSF-Dynamic-Analysis- Environment-in-your-Android-Device-or-VM !   DEMO : Weak Crypto !   Java - String hashCode() Method !   s[0]*31^(n-1) + s[1]*31^(n-2) + ... + s[n-1]
Web API Fuzzer •  Login API •  Pin API •  Register API •  Logout API Select •  Select Scope URLs of Scan •  Select Scope Vulnerabilities Web API Fuzzing Logic REPORT OUTPUT Web Request DB
Fuzzing REST APIs !   Why most web scanners suck at API Testing? !   We have knowledge about the application and generic API routes (Login, Logout, Register). !   So we use more of Whitebox approach than Blackbox approach. !   Detects vulnerabilities like IDOR, SSRF and XXE.
What We Detect !   XXE !   SSRF !   IDOR !   Directory Traversal or Path Traversal !   Logical and Session Related !   API Rate Limiting
How we Detect
SSRF & XXE API Server Web API Fuzzer MobSF Cloud Server Cloud Server: APITester/cloud/cloud_server.py
Insecure Direct Object Reference (IDOR) !   Without Credentials. !   With multiple user credentials (needs two login attempts) Web API Fuzzer API Server Request with Auth Header/ Cookie Request without Auth Header/ Cookie API Server Web API Fuzzer Request with User1’s Auth Header/Cookie Repeat the Request with a User2’s Auth Header/Cookie
Session Related Checks Web API Fuzzer API Server Calls Logout API Access Resource with expired Auth Header/Cookie Access Resource with Auth Header/Cookie
Rate Limiter Web API Fuzzer API Server Brute force Login API and Register API
Other Checks !   Security Headers and Info Gathering !   Directory/ Path Traversal
DEMO
What's Coming Soon? !   Windows App Security Analyzer. !   iOS App Dynamic Analysis. !   API Fuzzer to support detection of SQLi and RCE. !   Export Proxy logs to BurpSuite/IronWASP/ZAP
Stakeholders !   Looks like people are interested! !   Bugs opened and Closed
Useful Links !   Source: https://github.com/ajinabraham/Mobile-Security-Framework !   Issues: https://github.com/ajinabraham/Mobile-Security-Framework/ issues !   Documentation: https://github.com/ajinabraham/Mobile-Security-Framework- MobSF/wiki !   Video Course: https://opsecx.com/index.php/product/automated-mobile- application-security-assessment-with-mobsf/
QA @ajinabraham ajin25@gmail.com Thanks & Credits •  Sachinraj Shetty •  Kamaiah Nadavala •  Bharadwaj Machiraju •  Yashin Mehboobe •  Anto Joseph •  Tim Brown •  Thomas Abraham •  Graphics/Image Owners

More Related Content

PDF
Android pentesting
byMykhailo Antonishyn
 
PPTX
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
PPTX
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
byAjin Abraham
 
PPTX
Mobile Application Security Testing (Static Code Analysis) of Android App
byAbhilash Venkata
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
PDF
AppSec PNW: Android and iOS Application Security with MobSF
byAjin Abraham
 
PPTX
Web application vulnerability assessment
byRavikumar Paghdal
 
PDF
Penetration Testing Report
byAman Srivastava
 
Android pentesting
byMykhailo Antonishyn
 
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
byAjin Abraham
 
Mobile Application Security Testing (Static Code Analysis) of Android App
byAbhilash Venkata
 
Pentesting Android Apps
byAbdelhamid Limami
 
AppSec PNW: Android and iOS Application Security with MobSF
byAjin Abraham
 
Web application vulnerability assessment
byRavikumar Paghdal
 
Penetration Testing Report
byAman Srivastava
 

What's hot

PPTX
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
byAjin Abraham
 
PPT
Secure code practices
byHina Rawal
 
PDF
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
PPTX
security misconfigurations
byMegha Sahu
 
PDF
Mobile Application Penetration Testing
byBGA Cyber Security
 
PDF
Nessus Software
byMegha Sahu
 
PDF
OWASP API Security Top 10 - API World
by42Crunch
 
ODP
OWASP Secure Coding
bybilcorry
 
PDF
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
PPTX
Owasp top 10 vulnerabilities
byOWASP Delhi
 
PPTX
Software Composition Analysis Deep Dive
byUlisses Albuquerque
 
PDF
API Security Best Practices and Guidelines
byWSO2
 
PDF
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPTX
API Security Fundamentals
byJosé Haro Peralta
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PDF
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
PDF
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
PPT
Application Security
byReggie Niccolo Santos
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
byAjin Abraham
 
Secure code practices
byHina Rawal
 
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
security misconfigurations
byMegha Sahu
 
Mobile Application Penetration Testing
byBGA Cyber Security
 
Nessus Software
byMegha Sahu
 
OWASP API Security Top 10 - API World
by42Crunch
 
OWASP Secure Coding
bybilcorry
 
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
Owasp top 10 vulnerabilities
byOWASP Delhi
 
Software Composition Analysis Deep Dive
byUlisses Albuquerque
 
API Security Best Practices and Guidelines
byWSO2
 
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
OWASP Top 10 2021 What's New
byMichael Furman
 
API Security Fundamentals
byJosé Haro Peralta
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
Application Security
byReggie Niccolo Santos
 

Similar to Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile Security Framework (MobSF)

PDF
mobsf.pdf
byTaseen Ali
 
PDF
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
byShadowman Kung
 
PPTX
Android Penetration testing - Day 2
byMohammed Adam
 
PPTX
Android pentesting
byMykhailo Antonishyn
 
PPTX
Droidcon mobile security
byJudy Ngure
 
PPTX
Mobile SF
byyarden hanan
 
PDF
Security testing in mobile applications
byJose Manuel Ortega Candel
 
PDF
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
byOWASP Delhi
 
PDF
Getting started with hacking android & i os apps tools, techniques and re...
byn|u - The Open Security Community
 
ODP
Mobile App Security Testing -2
byKrisshhna Daasaarii
 
PPTX
18-mobile-malware.pptx
bysundar110567
 
PPTX
Rapid Android Application Security Testing
byNutan Kumar Panda
 
PPTX
Building a Mobile Security Program
byDenim Group
 
PPTX
Getting Started with API Security Testing
bySmartBear
 
PDF
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
PDF
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
byapidays
 
PDF
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
byTEST Huddle
 
PDF
Mobile Application Security Threats through the Eyes of the Attacker
bybugcrowd
 
PDF
Android App Hacking - Erez Metula, AppSec
byDroidConTLV
 
PPTX
Mobile security and drozer tool demo
byGowthamraj Palani
 
mobsf.pdf
byTaseen Ali
 
PTS2022-Talk-19-MobSF-for-penetration-testers_0.pdf
byShadowman Kung
 
Android Penetration testing - Day 2
byMohammed Adam
 
Android pentesting
byMykhailo Antonishyn
 
Droidcon mobile security
byJudy Ngure
 
Mobile SF
byyarden hanan
 
Security testing in mobile applications
byJose Manuel Ortega Candel
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
byOWASP Delhi
 
Getting started with hacking android & i os apps tools, techniques and re...
byn|u - The Open Security Community
 
Mobile App Security Testing -2
byKrisshhna Daasaarii
 
18-mobile-malware.pptx
bysundar110567
 
Rapid Android Application Security Testing
byNutan Kumar Panda
 
Building a Mobile Security Program
byDenim Group
 
Getting Started with API Security Testing
bySmartBear
 
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
apidays New York 2023 - Android Applications and APIs Hacking, Gabrielle Botb...
byapidays
 
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
byTEST Huddle
 
Mobile Application Security Threats through the Eyes of the Attacker
bybugcrowd
 
Android App Hacking - Erez Metula, AppSec
byDroidConTLV
 
Mobile security and drozer tool demo
byGowthamraj Palani
 

More from Ajin Abraham

PDF
Injecting Security into Web apps at Runtime Whitepaper
byAjin Abraham
 
PDF
Injecting Security into vulnerable web apps at Runtime
byAjin Abraham
 
PPTX
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
byAjin Abraham
 
PPTX
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
byAjin Abraham
 
PDF
Hacking Tizen: The OS of everything - Whitepaper
byAjin Abraham
 
PPTX
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
byAjin Abraham
 
PPTX
Abusing Exploiting and Pwning with Firefox Addons
byAjin Abraham
 
PPTX
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
byAjin Abraham
 
PPTX
Abusing Google Apps and Data API: Google is My Command and Control Center
byAjin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Win32 Egghunter
byAjin Abraham
 
PPTX
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
byAjin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
byAjin Abraham
 
PPTX
Exploit Research and Development Megaprimer: Buffer overflow for beginners
byAjin Abraham
 
PDF
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
byAjin Abraham
 
PPTX
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
byAjin Abraham
 
PDF
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
byAjin Abraham
 
PDF
Abusing, Exploiting and Pwning with Firefox Add-ons
byAjin Abraham
 
PDF
Xenotix XSS Exploit Framework: Clubhack 2012
byAjin Abraham
 
PDF
Wi-Fi Security with Wi-Fi P+
byAjin Abraham
 
PDF
Shellcoding in linux
byAjin Abraham
 
Injecting Security into Web apps at Runtime Whitepaper
byAjin Abraham
 
Injecting Security into vulnerable web apps at Runtime
byAjin Abraham
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
byAjin Abraham
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
byAjin Abraham
 
Hacking Tizen: The OS of everything - Whitepaper
byAjin Abraham
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
byAjin Abraham
 
Abusing Exploiting and Pwning with Firefox Addons
byAjin Abraham
 
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
byAjin Abraham
 
Abusing Google Apps and Data API: Google is My Command and Control Center
byAjin Abraham
 
Exploit Research and Development Megaprimer: Win32 Egghunter
byAjin Abraham
 
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
byAjin Abraham
 
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
byAjin Abraham
 
Exploit Research and Development Megaprimer: Buffer overflow for beginners
byAjin Abraham
 
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
byAjin Abraham
 
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
byAjin Abraham
 
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
byAjin Abraham
 
Abusing, Exploiting and Pwning with Firefox Add-ons
byAjin Abraham
 
Xenotix XSS Exploit Framework: Clubhack 2012
byAjin Abraham
 
Wi-Fi Security with Wi-Fi P+
byAjin Abraham
 
Shellcoding in linux
byAjin Abraham
 

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile Security Framework (MobSF)

  • 1.
    Ajin Abraham Automated MobileApplication Security Testing with Mobile Security Framework
  • 2.
    About Me !  Security Consultant @ Yodlee !   Security Engineering @ IMMUNIO !   Next Gen Runtime Application Self Protection (RASP) !   Author of OWASP Xenotix XSS Exploit Framework, Mobile Security Framework. !   Teach Security via https://opsecx.com !   Blog about Security: http://opensecurity.in
  • 4.
    The Takeaways !  A FREE and Open Source Security Tool for Mobile App Security Assessment. !   Mobile App Pentesters/Mobile Malware Analysts - How to make your job easier with MobSF. !   Developers – Build secure mobile Apps identifying vulnerabilities at all stages of development. (SDLC Integration) !   Web Pentesters – REST API Fuzzer capable of detecting vulnerabilities like SSRF, XXE, IDOR etc.
  • 5.
    Agenda !   Whatis MobSF? !   MobSF Architecture !   Static Analyzer !   Dynamic Analyzer !   Web API Fuzzer !   Static Analysis !   Static Analysis & some Statistics !   Top Indian Bank Mobile Apps !   Top Indian Wallet Mobile Apps !   Observations !   Dynamic Analysis !   Dynamic SSL Testing !   Exported Activity Tester !   Challenges in Dynamic Analysis !   Dynamic Analysis on Custom VM/ Rooted Android Device. !   Web API Fuzzer !   Vulnerabilities API Fuzzer detects. !   Explains the API Fuzzer Logic. !   Conclusion
  • 6.
    What is MobSF? MobileSecurity Framework is an open source mobile application (Android/iOS) automated pentesting framework capable of performing end to end security testing of mobile Apps. Android iOS
  • 7.
    Hosted in yourenvironment. Your application and data is never send to the cloud.
  • 8.
  • 9.
    Static Analyzer Mobile SecurityFramework INPUT OUTPUT REPORT
  • 10.
    Demo Static Analysis &Report Generation (Diva)
  • 11.
    Static Analysis &Some Statistics !   Static Analysis on Top Financial Apps - Criteria !   SSL bypass in Native Code !   SSL bypass in WebView !   Remote Web View Debugging !   Hardcoded Secrets
  • 12.
    Top Indian BankApps Analyzed
  • 13.
  • 14.
    Top Indian WalletApps Analyzed
  • 15.
    Observations !   Stateof Mobile App Security, Not evolved as Web Security. !   Most common issue is SSL Bypass in (Both Native Code and WebView) !   SSL Error bypassed in WebViews are really really bad.
  • 16.
  • 17.
    Dynamic Analyzer Mobile SecurityFramework INPUT Android VM Or Android Device REPORT OUTPUT
  • 18.
    Dynamic Analyzer -Architecture Dynamic Analyzer AGENTS Install and Run APK HTTP(S) Proxy Invoke Agents in VM Results HTTP(S) Traffic Android VM/Device Application Data Agent Collected Information Start HTTP(S) Web Proxy
  • 19.
  • 20.
    Dynamic SSL Testing !  Dynamically verify if SSL connections are securely implemented. !   Disable JustTrustMe and Remove MobSF Root CA. !   If you can still access the decrypted HTTPS Web Traffic then that means the app is bypassing SSL errors.
  • 21.
    Exported Activity Tester !  Android Exported Activities. DEMO
  • 22.
    Challenges in DynamicAnalysis !   Some Android Apps are built with security in mind. !  Anti VM Detection !  Anti Root Detection !  Anti MITM with Certificate Pinning. !  Some Apps / Malwares have sophisticated methods to detect Virtual Machines.
  • 23.
    How to dealwith these Challenges !   API overriding with Xposed Framework !  Anti VM Detection Bypass –> Android Blue Pill !  Anti Root Detection Bypass -> RootCloak !  Anti MITM Certificate Pinning Bypass -> JustTrustMe !   APK smali Patching. !   For sophisticated apps and malware, Use a real device for dynamic analysis.
  • 24.
    Dynamic Analysis onDevice ! MobSFy Script – Convert your VM/ Device to support MobSF Dynamic Analysis !   Documentation here: https://github.com/ajinabraham/Mobile-Security-Framework- MobSF/wiki/2.-Configure-MobSF-Dynamic-Analysis- Environment-in-your-Android-Device-or-VM !   DEMO : Weak Crypto !   Java - String hashCode() Method !   s[0]*31^(n-1) + s[1]*31^(n-2) + ... + s[n-1]
  • 25.
    Web API Fuzzer • Login API •  Pin API •  Register API •  Logout API Select •  Select Scope URLs of Scan •  Select Scope Vulnerabilities Web API Fuzzing Logic REPORT OUTPUT Web Request DB
  • 26.
    Fuzzing REST APIs !  Why most web scanners suck at API Testing? !   We have knowledge about the application and generic API routes (Login, Logout, Register). !   So we use more of Whitebox approach than Blackbox approach. !   Detects vulnerabilities like IDOR, SSRF and XXE.
  • 27.
    What We Detect !  XXE !   SSRF !   IDOR !   Directory Traversal or Path Traversal !   Logical and Session Related !   API Rate Limiting
  • 28.
  • 29.
    SSRF & XXE APIServer Web API Fuzzer MobSF Cloud Server Cloud Server: APITester/cloud/cloud_server.py
  • 30.
    Insecure Direct ObjectReference (IDOR) !   Without Credentials. !   With multiple user credentials (needs two login attempts) Web API Fuzzer API Server Request with Auth Header/ Cookie Request without Auth Header/ Cookie API Server Web API Fuzzer Request with User1’s Auth Header/Cookie Repeat the Request with a User2’s Auth Header/Cookie
  • 31.
    Session Related Checks WebAPI Fuzzer API Server Calls Logout API Access Resource with expired Auth Header/Cookie Access Resource with Auth Header/Cookie
  • 32.
    Rate Limiter Web API Fuzzer APIServer Brute force Login API and Register API
  • 33.
    Other Checks !  Security Headers and Info Gathering !   Directory/ Path Traversal
  • 34.
  • 35.
    What's Coming Soon? !  Windows App Security Analyzer. !   iOS App Dynamic Analysis. !   API Fuzzer to support detection of SQLi and RCE. !   Export Proxy logs to BurpSuite/IronWASP/ZAP
  • 36.
    Stakeholders !   Lookslike people are interested! !   Bugs opened and Closed
  • 37.
    Useful Links !  Source: https://github.com/ajinabraham/Mobile-Security-Framework !   Issues: https://github.com/ajinabraham/Mobile-Security-Framework/ issues !   Documentation: https://github.com/ajinabraham/Mobile-Security-Framework- MobSF/wiki !   Video Course: https://opsecx.com/index.php/product/automated-mobile- application-security-assessment-with-mobsf/
  • 38.
    QA @ajinabraham ajin25@gmail.com Thanks & Credits • Sachinraj Shetty •  Kamaiah Nadavala •  Bharadwaj Machiraju •  Yashin Mehboobe •  Anto Joseph •  Tim Brown •  Thomas Abraham •  Graphics/Image Owners