File:OTD 2014 - owasp-mobile.pdf

Presentation given by Daniel Bender at OWASP Tampa Day 2014. The mobile application ecosystem presents numerous challenges to organizations that seek to apply access control or authorization models to applications. These challenges include the volume of applications, the complexity of the applications, the limitations of the mobile operating system, the limitations of mobile device management solutions, and the rich interactions that mobile applications have with network-based services. When presented with the overwhelming desire to do something, organizations may implement rudimentary blacklists of applications; however, as this presentation will discuss, this approach is not scalable and vastly underestimates the complexity of the mobile ecosystem. This presentation will cite examples of organizations that are applying a variety of solutions to this problem and present questions that security professionals should consider when designing solutions.