BruCON Agnitio workshop Slides and Video Demonstration - Download



Workshop by David Rook (Security Ninja) at BruCON 2011 in Belgium. You can Download Slide from here.
Required for the Agnitio hands on demos:
Optional
In addition to the list above the following things are optional depending on how hands on you want to be:
  • Internet connection to download an application from the Android market place
  • Eclipse IDE installed
  • Android SDK installed
  • Android Debug Bridge (adb) installed, this should be installed as part of the SDK install
  • An AVD configured with the Android market place app installed (instructions here)
  • I think you can also use a rooted Android device if you don’t want to use the emulator
Workshop format
  • A quick look at static analysis and the strengths and weaknesses of humans and software
  • What is Agnitio and why do I think checklists are a vital component of security code reviews
  • Some examples of what can go wrong if you don’t use checklists to find and remove simple flaws
  • Demos/hands on: using checklists in Agnitio to review source code, produce reports and metrics
  • Demos/hands on: how to customise your Agnitio installation
  • A look at mobile (Android and iOS) application security and how analysis is currently done
  • Demo/hands on: using the mobile specific rule sets in the Agnitio static analysis module
  • Demo/hands on: downloading an app from the marketplace and decompiling it using Agnitio