The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).