RVAsec 13

When developing a product, software engineers often discuss the “what if?” user. What if a user builds their own frontend client? What if a user finds that embedded API key? What if a user notices that endpoint doesn’t have authorization? This talk has three real-life examples from the speaker’s perspective as the “what if?” user. Each example will delve into the motivation, the security flaws reverse engineered, and how to improve the security of each product. This talk will cover reverse engineering assets from an Android game, a waitlist to buy exercise equipment, and a Publish Subscribe system for an auction house. This talk aims to generate interest in identifying software design flaws and reverse engineering them, as well as helping teach about common security issues and practical methods of fixing them.