In-Security of Backend-As-A-Service
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the critical security vulnerabilities in Backend-As-A-Service (BaaS) solutions in this eye-opening Black Hat conference talk. Delve into the findings of a comprehensive study that analyzed approximately two million Android apps, revealing shocking results about the insecurity of cloud-based data storage. Learn how researchers were able to access over 56 million sensitive user records, including medical information, credit card data, and various multimedia files, due to misconfigured BaaS solutions. Discover the potential risks of adversaries hijacking Amazon S3-Buckets, which could lead to database modifications, malicious code injection, and cloud-based malware execution. Gain insights into the automatic exploit generator developed to extract credentials from apps and access BaaS backends, even when obfuscated. Understand the implications of these security flaws for developers, users, and the overall mobile app ecosystem.
Syllabus
(In-)Security of Backend-As-A-Service
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube