3. Where do I start? Just too many!
- Mobile applications
- DDoS
- Public API
- SQL Injection
- XSS
- Network Security
- Request Forgery
- Session Management
- Replay Attacks
- Open Redirects
- Transport Layer
- Data Validation
- Third Party Integration
- Password Storage
- Local/Remote file injection
- Access / Role privileges
- Clickjacking
- Business Logic
- Denial Of Service
13. Assumptions
Raju pays 100 + 30 Rupees and buys one copy of "Revolution 2020".
"Raju" buys Revolution 2020 for 130 Rs.
14. Guess the password
- Bruteforce
- Hijack Session
- Steal the Database
- Social Logins
- Mobile sites, Mobile Apps ...
- Phishing Attacks
- Clickjacking
- Social Engineering
- Try all of the above options
15. Assumptions
Raju pays 100 + 30 Rupees and buys one copy of "Revolution 2020".
Raju buys "Revolution 2020" for 130 Rs.
16. Assumptions
Raju pays 100 + 30 Rupees and buys one copy of "Revolution 2020".
- Raju "pays 100 for the book"
- Raju pays for "Revolution 2020"
- "Raju" buys the book
- Raju buys "One copy"
Question each of these assumptions!
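The four assumptions on the slides above map directly onto server-side checks an order endpoint must make: the buyer is really the authenticated user, the book is a real catalogue item, the price comes from the catalogue rather than the request, and "one copy" is a positive integer. The following is an added example written for this page, not code from the original deck; the catalogue, the 30 Rs shipping fee, the `MAX_QUANTITY` limit and the `validate_order` function are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalogue: the server's trusted source of prices. A real shop
# would read this from its database, never from the incoming request.
CATALOGUE = {"revolution-2020": 100}
SHIPPING_FEE = 30      # the "+ 30 Rupees" from the slide
MAX_QUANTITY = 10      # hypothetical per-order cap


@dataclass(frozen=True)
class Decision:
    accepted: bool
    total: int = 0           # server-computed amount in Rs when accepted
    reason: Optional[str] = None


def validate_order(session_user: Optional[str], payload: dict) -> Decision:
    """Check a client-submitted order against each assumption on the slide.

    session_user is the identity established by the login session; payload is
    the JSON body the client sent (buyer, item, quantity and, if the client
    insists on sending one, a price the server must not trust).
    """
    # Assumption: "Raju" buys the book. The buyer named in the request must be
    # the user the session actually belongs to.
    if session_user is None or payload.get("buyer") != session_user:
        return Decision(False, reason="buyer does not match authenticated session")

    # Assumption: Raju pays for "Revolution 2020". The item must exist in the
    # catalogue; an unknown identifier gets no price lookup and no order.
    item = payload.get("item")
    if item not in CATALOGUE:
        return Decision(False, reason="unknown item")

    # Assumption: Raju buys "one copy". Quantity must be a real positive integer;
    # type() rather than isinstance() also rejects bools, and the range check
    # rejects zero, negatives and absurd bulk orders. Strings and floats fail too.
    quantity = payload.get("quantity")
    if type(quantity) is not int or quantity < 1 or quantity > MAX_QUANTITY:
        return Decision(False, reason="invalid quantity")

    # Assumption: Raju "pays 100 for the book". The unit price is read from the
    # catalogue. A client-supplied price is never used; if one is present and
    # disagrees with the catalogue, the order is refused and can be logged.
    unit_price = CATALOGUE[item]
    if "price" in payload and payload["price"] != unit_price:
        return Decision(False, reason="client-supplied price does not match catalogue")

    total = unit_price * quantity + SHIPPING_FEE
    return Decision(True, total=total)


if __name__ == "__main__":
    # Constructed sample requests: the honest order and three tampered ones.
    print(validate_order("raju", {"buyer": "raju", "item": "revolution-2020", "quantity": 1}))
    print(validate_order("raju", {"buyer": "raju", "item": "revolution-2020", "quantity": 1, "price": 1}))
    print(validate_order("raju", {"buyer": "raju", "item": "revolution-2020", "quantity": -1}))
    print(validate_order("mallory", {"buyer": "raju", "item": "revolution-2020", "quantity": 1}))
```

Every rejected request carries a reason string, which is what you want to feed into detection: a steady stream of "client-supplied price does not match catalogue" or "invalid quantity" rejections from one account is a business-logic probe, not ordinary user error.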