ELC + ABS

"Pentest" (Penetration Testing) is the somewhat Sisyphean art of finding the weakest link in the chain of end to end products such as Clients (Web, Mobile, others), DB, Servers, and a bunch of other software and hardware components. It only takes a single weakness to take down an entire project, and it's better be done in-house, then by some hostile adversary.

As the mobile apps have become the dominant way to consume data for many services, their nature, given the fully available "client" side via the different App stores can serve to simulate real load scenarios, with arbitrary client side scaling. In this presentation we will present an Android based Pentest framework that not only exhausts the server exposed control/REST APIs , but also the behavioral and data path in a fast, reliable, easy and scalable way, using customized distributed Android instances.

As opposed to solutions aiming to test the client side, this framework aims to test a real system under real loads.The audience is anyone interested in a general Purpose Android Operating System, in Linux, in ROM cooking, Android Build Systems and the likes.