YoVDO

In-Security of Backend-As-A-Service

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Data Storage Security Courses

Course Description

Overview

Explore the critical security vulnerabilities in Backend-As-A-Service (BaaS) solutions in this eye-opening Black Hat conference talk. Delve into the findings of a comprehensive study that analyzed approximately two million Android apps, revealing shocking results about the insecurity of cloud-based data storage. Learn how researchers were able to access over 56 million sensitive user records, including medical information, credit card data, and various multimedia files, due to misconfigured BaaS solutions. Discover the potential risks of adversaries hijacking Amazon S3-Buckets, which could lead to database modifications, malicious code injection, and cloud-based malware execution. Gain insights into the automatic exploit generator developed to extract credentials from apps and access BaaS backends, even when obfuscated. Understand the implications of these security flaws for developers, users, and the overall mobile app ecosystem.

Syllabus

(In-)Security of Backend-As-A-Service


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube