Written by Barbara Munyendo
This year i had a chance to attend and volunteer at the African Women in Technology (AWTC) 2018 conference which was held on 10th November at Radisson Blu. I attended the infosec workshops which were conducted by Judy from SheHacks Kenya together with Jade and Shadrack from AfricaHackon. The main topic of the presentations was mobile and web application security which was broken down into three segments handled by the specified individuals.
The first presentation was handled by Jade Solomon who walked us through methods used to retrieve personal information based on website registration details and using social media facial recognition functionality to identify an individual based on an image. He also highlighted on vulnerabilities existing on mobile applications that allow rogue employees to defraud Kenyans and also the lack of user awareness to identify attacks.
The second session was handled by Judy who presented on HTTP header injection with a basic introduction to communication over HTTP and the type of information that can be retrieved during the communication. She stressed on the need to understand application architectures in order to identify potential targets and also the importance of system updates on content management systems, web servers and databases since alot of attackers target unpatched systems.
The last session was led by Shadrack who presented on Android application security and showcased the different methods used in assessing an android application in order to analyze the functionality of the application and bypass critical functionality. Majority of the vulnerabilities he identified were based on vendors implementing critical code functionality on the distributed application file with no restrictions on reverse engineering and also the implementation of the android SQLite database to store unencrypted data.
Overall, AWTC delivered a well thought out conference which introduced attendees to new technologies, innovative ideas on entrepreneurship, mentoring and application security. As a technology enthusiast, i understand the continued relevance and need to empower women into digital sphere in order to ensure the growth and sustainability of enterprises and our economy. This conference gave us an understanding of the need for women in the industry, the current developments and challenges in the technology field and also promoted the inclusivity of men in continuously supporting women in achieving digital maturity.
I am looking forward to the next AWTC event and i hope next time everyone will have a chance to attend the infosec sessions and learn how to protect their data and systems.