
OWASP AppSec DC 2012/Smart Bombs Mobile Vulnerability and Exploitation


The Presentation

Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will give the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong, and an understanding of how to perform this testing within your own organization.
This talk will work with applications from the top three platforms: iOS, Android and BlackBerry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real-world examples of the problems applications face.

The Speakers

Tom Eston

Tom Eston is the Manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile devices. He develops and improves penetration testing methodologies and works to align them with industry standards. He is also the founder of which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including Black Hat USA, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec and ShmooCon.

Kevin Johnson


John Sawyer

John Sawyer is a Senior Security Analyst with InGuardians specializing in network and web application penetration testing. John's experience in enterprise IT security includes penetration testing, system and network hardening, intrusion analysis, and digital forensics.

John has developed and taught cyber security training for a large university and spoken at events for industry and law enforcement. He has consulted with federal, state, and local law enforcement agencies on malware analysis, hacker attacks, and digital forensics. John is the author of the popular blog, "Evil Bytes", at, and a member of the winning team from DEF CON 14 and 15's Capture the Flag competition.
