Security research, news and guidance

BruCON Agnitio workshop

September 1, 2011  |  Written by Security Ninja  |   Application Security, Ninja News and Updates   |   Leave a comment

Hi everyone,

The BruCON conference schedule was published yesterday so I thought I would write a quick post about my Agnitio workshop.

I have included some information below about the workshop and what you need to bring/configure to join in with the hands on exercises.

What do you need to bring?

I would like everyone to be involved hands on in this workshop if possible. You can of course work with someone else or just observe if you don’t want to do the hands on parts of the workshop. If you want to do the hands on part of the workshop you will need the following:


The following things are required for the Agnitio hands on demos:


In addition to the list above the following things are optional depending on how hands on you want to be:

  • Internet connection to download an application from the Android market place
  • Eclipse IDE installed
  • Android SDK installed
  • Android Debug Bridge (adb) installed, this should be installed as part of the SDK install
  • An AVD configured with the Android market place app installed (instructions here)
  • I think you can also use a rooted Android device if you don’t want to use the emulator

Workshop format

  • A quick look at static analysis and the strengths and weaknesses of humans and software
  • What is Agnitio and why do I think checklists are a vital component of security code reviews
  • Some examples of what can go wrong if you don’t use checklists to find and remove simple flaws
  • Demos/hands on: using checklists in Agnitio to review source code, produce reports and metrics
  • Demos/hands on: how to customise your Agnitio installation
  • A look at mobile (Android and iOS) application security and how analysis is currently done
  • Demo/hands on: using the mobile specific rule sets in the Agnitio static analysis module
  • Demo/hands on: downloading an app from the marketplace and decompiling it using Agnitio

If you have any questions about the workshop content or the configuration needed to take part in the hands on exercises send me an email:

I did plan to release Agnitio v2.1 at BruCON but I’m not sure that will be possible now. I will be using an early version of v2.1 in the workshop and I’m more than happy to give people in the workshop a copy of that.

Talking of v2.1 I put a short video on the Security Ninja YouTube channel this week showing how v2.1 will allow you to decompile an Android app and analyse the source code:

Agnitio v2.0 downloads

I just wanted to quickly say how happy I am to see nearly 1,500 downloads of Agnitio v2.0 in August. I released v2.0 in Las Vegas on the 3rd August and it was downloaded 1,452 times by the end of the month:

Every new version of Agnitio ends up being downloaded more than the previous version which is always a good sign. Agnitio v1.2 was released on the 3rd March and only had 835 downloads in that month, v2.0 had nearly twice that amount in its first month. In total v1.2 has been downloaded 1,852 times so far:

I set what I thought was an ambitious target of 10,000 downloads in the first year. When I add the v1.0 and v1.1 download figures to the ones above and knowing that v2.1 will be released in September/October I think that target will be met.


This entry was posted on September 1, 2011 at 6:54 pm and is filed under Application Security, Ninja News and Updates . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment


Look at our latest security Videos & SlideShares


Upcoming Security Events & Seminars


Check out our Podcasts & White Papers