Loading…
Venue: Room -2.33 (Level -2) clear filter
arrow_back View All Dates
Thursday, June 25
 

10:30am CEST

OWASP masCon - Introduction by OWASP MAS team to MAS Con
Thursday June 25, 2026 10:30am - 10:35am CEST
Room -2.33 (Level -2)

Speakers
avatar for Carlos Holguera

Carlos Holguera

OWASP Mobile App Security (MAS): MASVS, MASWE and MASTG, NowSecure
Carlos is a principal mobile security research engineer working with NowSecure and one of the core project leaders and authors of the OWASP Mobile Security Testing Guide (MASTG) and OWASP Mobile Application Security Verification Standard (MASVS), the industry standard for mobile app... Read More →
avatar for Sven Schleier

Sven Schleier

Co-Founder, Bai7 GmbH
Sven is a co-founder of Bai7 GmbH in Austria, which is specialized in trainings and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications... Read More →
Thursday June 25, 2026 10:30am - 10:35am CEST
Room -2.33 (Level -2)
  MobileAppSecCon

10:35am CEST

OWASP masCon - Let's get frooky: Structured Mobile DAST with Frida
Thursday June 25, 2026 10:35am - 11:25am CEST
Room -2.33 (Level -2)
Mobile application penetration tests can be challenging. In order to find vulnerabilities in the OWASP MAS Testing Profile L2, security testers have to simulate attacks on compromised devices. When apps protect themselves with advanced static and dynamic hardening techniques, security testers often rely on instrumentation in order to assess the security of the app at runtime.

This talk will present some of these challenges as seen in real world mobile apps and then present “frooky”, a Frida-powered hook runner based on structured I/O. This tool was consolidated together with OWASP MAS leadership and released as a standalone project for OWASP MASTG. We will show you what it can do, how it was developed and how you can use it for any mobile app penetration testing efforts in general.
Speakers
SB

Stefan Bernhardsgrütter

Lead Security Tester, Redguard
As a Security Tester at Redguard, Stefan puts a wide variety of IT systems, networks and applications to the test. He has an M.Sc. in Engineering with focus on IT-Security and more than 10 years experience in this field. At Redguard he is responsible for developing and maintaining... Read More →
avatar for Carlos Holguera

Carlos Holguera

OWASP Mobile App Security (MAS): MASVS, MASWE and MASTG, NowSecure
Carlos is a principal mobile security research engineer working with NowSecure and one of the core project leaders and authors of the OWASP Mobile Security Testing Guide (MASTG) and OWASP Mobile Application Security Verification Standard (MASVS), the industry standard for mobile app... Read More →
Thursday June 25, 2026 10:35am - 11:25am CEST
Room -2.33 (Level -2)
  MobileAppSecCon

11:30am CEST

OWASP masCon - Unveiling The Internals From Multiplatform Mobile Runtimes
Thursday June 25, 2026 11:30am - 11:55am CEST
Room -2.33 (Level -2)
Flutter, React and Unity are the main multiplatform runtimes of choice when developing mobile applications for iOS and Android. We will cover the main characteristics, starting with the programming language associated with the framework, the ecosystem, the toolchains and showcase some clever low level details in their implementations. Recovering code and data from the final release binaries with the help of the opensource plugins for radare2.
Speakers
avatar for Sergi Alvarez

Sergi Alvarez

Mobile Security Research Engineer, NowSecure
Pancake is a mobile security research engineer at NowSecure. It has more than 25 years of experience in the reverse engineering and security fields. Author and maintainer of tools like radare2, r2frida and other plugins around the radare ecosystem, he began working as a forensic analyst... Read More →
Thursday June 25, 2026 11:30am - 11:55am CEST
Room -2.33 (Level -2)
  MobileAppSecCon

1:15pm CEST

OWASP masCon - Recent Mobile App Security Incidents from Real-World Cases
Thursday June 25, 2026 1:15pm - 1:40pm CEST
Room -2.33 (Level -2)
This is a review of recent mobile app security incidents I work on day to day. We’ll walk through concrete cases from banking, food delivery, and e-commerce to break down how the breaches happened.

By the end, you’ll have a clearer sense of which security practices hold up in modern mobile apps and which ones fail in practice. You’ll also learn what commonly introduces vulnerabilities and where to find secure practices that actually work.
Speakers
avatar for Jan Seredynski

Jan Seredynski

Mobile Application Security Engineer, Guardsquare

Jan Seredynski is a mobile security professional with seven years of app development experience. He specializes in secure architectures and anti-tampering techniques. With a keen eye for uncovering vulnerabilities, Jan actively contributes to identifying and resolving CVEs and bugs... Read More →
Thursday June 25, 2026 1:15pm - 1:40pm CEST
Room -2.33 (Level -2)
  MobileAppSecCon
 

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Monday, June 22
Tuesday, June 23
Wednesday, June 24
Thursday, June 25
Friday, June 26
Expo Hall X1
Foyer D (Level -2)
Hall D (Level -2)
Hall G1 (Level -2)
Hall G2 (Level -2)
Hall K1 (Level -2)
Hall K2 (Level -2)
Room -2.11 (Level -2)
Room -2.15 (Level -2)
Room -2.33 (Level -2)
Room -2.82 (Level 2)
Room -2.92 (Level -2)
TBA
Terrace G of Austria Center
  • 1-Day Training
  • 2-Day Training
  • 3-Day Training
  • Bonus Track
  • Deployment and Maintenance
  • Implementation
  • Keynote
  • Meals Provided by OWASP
  • Meeting
  • MobileAppSecCon
  • Planning and Design
  • PODS (Hands-on Activities)
  • Process and Culture
  • Project Demo Lab (Hands-on)
  • Project Showcase (Lightning Talks)
  • Project User Day
  • Sponsored Happy Hour
  • Testing
  • Audience
  • Advanced
  • All
  • AppSec Engineers
  • Beginner
  • Developers
  • Intermediate
  • Introductory and Overview
  • Private Meeting
  • Security Champions
  • Students and newcomers in AppSec
  • Subject
  • AI
  • CRA
  • Dependancies
  • DevSecOps
  • Gamification
  • Kubernetes
  • Mobile Security
  • Network Security
  • Pentesting
  • SBOM
  • SSDLC
  • Standards
  • Threat Modeling
  • WAF