Web applications are the face of an organization: every user turns to them to consume the services that organization provides, and so do threat actors. It is therefore critically important to protect these assets from any possible risk.
Threads App is a real-world social media application that lets people stay in touch with other users. It gives a hands-on taste of how an application that is part of every internet user's life, with awesome functionality, can still have a poorly coded and poorly configured security posture, giving threat actors immense opportunity to affect the business and application logic, with devastating results.
Unlike other CTF platforms and applications, Threads App gives you the opportunity to first create a mind map and work out your approach before going on the hunt. It gives no clues, hints or ideas, which creates hurdles for security researchers who are used to either getting a hint or going in blind and attacking every functionality with possible payloads to trigger whatever issue may lie there. A security analyst therefore has to first decide on an approach, then postulate the application's behavior and core functionalities, and only then begin the bug hunt.
After solving the lab, participants will be able to:
- Speculate what to expect in a real-world pentest.
- Deduce ideas to create a mind map and checklist for performing security testing.
- Understand the core application logic, its behavior, its functionality and the approach to break them.
- Get a real-world taste of issues, from low severity to critical, that often get missed or neglected during a pentest.
- Introduction to Threads App
- Threads App Features
- Why is Threads App needed?
- Threads App Installation
About the Trainers:
Akarsh Singh (Senior Security Analyst @ Enciphers), Security Researcher (AppSec, Infra) & Trainer, Android App Developer (ThinkBots)
Samiul Hussain (Security Analyst Intern @ Enciphers), AppSec & Infra Security Researcher.