Hacking Fantasy Sports Sites - Mobile App Security Vulnerabilities

Dive into the world of mobile application security with this 46-minute conference talk that exposes vulnerabilities in fantasy sports apps. Learn how to exploit weaknesses in popular Fantasy Football and Baseball mobile applications, manipulate team lineups, and post false comments on message boards. Explore the anatomy of a hack, focusing on JSON and REST formats, and discover how familiar vulnerabilities like SQL and command injection persist in mobile environments. Gain insights into various communication formats, including SOAP, GWTk, and AMF, and understand how to set up a testing environment using tools like WiFi Pineapple. Walk away with practical knowledge on mobile back-end hacking techniques, automation tools, and real-world examples of vulnerabilities in current mobile apps. Receive a comprehensive whitepaper detailing the complete setup demonstrated in the talk.