
Difference between revisions of "OWASP AppSec DC 2012/Mobile Application Security Who how and why"

(Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightThis will be a continuation and expansion of the...")
 
Line 2: Line 2:
 
__NOTOC__
 
__NOTOC__
 
== The Presentation  ==
 
== The Presentation  ==
[[Image:Owasp_logo_normal.jpg|right]]This will be a continuation and expansion of the Android Security talk and presentation from AppsecUSA in September 2011. It will include new material on the mobile threat-scape, new material on iOS and additional examples from real life mobile penetration tests conducted by SpiderLabs Application Security Services.<br>The talk start with a general review of the security landscape by Charles Henderson, with reference to our latest Global Security report and how it applies to the mobile application space. This will include who is doing the attacking and why. It will touch on the target rich environment in mobile applications as well the types of applications targeted<br>The talk will then move on to concrete examples of how and why mobile applications and platforms are susceptible to the kind hacking and attacking just presented.<br>Stating with an overview of iOS, the iPhone\iPad platform and they ways it is attacked will be presented, including why data is leaked and how developers can defend against it.<br>The presentation will then continue into explaining how Android is different - not better or worse, but merely different. Again, touching  on how Android is attacked, how data is leaked and how developers can defend on this platform.<br>The talk will wrap up the talk by speculating about the future of mobile security and mobile application penetration testing.<br>Throughout the presentation, real-world (though, obviously, sanitized) examples from real penetration tests conducted over the past few years at SpiderLabs will be used as illustrations. Where appropriate, there will be  demonstrations of some of points with live or recorded demos of the issues and techniques discussed.<br>As usual, there to be a lively discussion and tough questions following the talk.
+
This will be a continuation and expansion of the Android Security talk and presentation from AppsecUSA in September 2011. It will include new material on the mobile threat-scape, new material on iOS and additional examples from real life mobile penetration tests conducted by SpiderLabs Application Security Services.<br>The talk start with a general review of the security landscape by Charles Henderson, with reference to our latest Global Security report and how it applies to the mobile application space. This will include who is doing the attacking and why. It will touch on the target rich environment in mobile applications as well the types of applications targeted<br>The talk will then move on to concrete examples of how and why mobile applications and platforms are susceptible to the kind hacking and attacking just presented.<br>Stating with an overview of iOS, the iPhone\iPad platform and they ways it is attacked will be presented, including why data is leaked and how developers can defend against it.<br>The presentation will then continue into explaining how Android is different - not better or worse, but merely different. Again, touching  on how Android is attacked, how data is leaked and how developers can defend on this platform.<br>The talk will wrap up the talk by speculating about the future of mobile security and mobile application penetration testing.<br>Throughout the presentation, real-world (though, obviously, sanitized) examples from real penetration tests conducted over the past few years at SpiderLabs will be used as illustrations. Where appropriate, there will be  demonstrations of some of points with live or recorded demos of the issues and techniques discussed.<br>As usual, there to be a lively discussion and tough questions following the talk.
 
== The Speakers  ==
 
== The Speakers  ==
Mike Park and Charles Henderson
+
<table>
 +
<tr>
 +
<td>
 +
===Charles Henderson===
 +
[[Image:Owasp_logo_normal.jpg|left]]Bio TBA
 +
</td>
 +
</tr>
 +
<tr>
 +
<td>
 +
===Mike Park===
 +
[[Image:AppSecDC12-mike_park.jpg|left]]Mike Park is a Managing Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years experience building and securing software for a variety of companies. Mike is a CISSP and specializes in application security assessment, penetration testing, reverse engineering and secure development life cycle. Mike is an active member of the Ottawa ISSA.
 +
</td>
 +
</tr>
 +
</table>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
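Review bot: The re-added abstract line under "== The Presentation ==" carries its typos over unchanged ("The talk start", "the kind hacking", "Stating with", "they ways", "wrap up the talk by", "there to be"), so this revision is the place to correct them. In the new speakers table, the Charles Henderson cell still has placeholder content, Owasp_logo_normal.jpg as the speaker image and "Bio TBA" as the text; replace both once the real photo and bio are available.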

Revision as of 01:03, 12 March 2012


The Presentation

This will be a continuation and expansion of the Android Security talk and presentation from AppsecUSA in September 2011. It will include new material on the mobile threat-scape, new material on iOS and additional examples from real-life mobile penetration tests conducted by SpiderLabs Application Security Services.
The talk starts with a general review of the security landscape by Charles Henderson, with reference to our latest Global Security report and how it applies to the mobile application space. This will include who is doing the attacking and why. It will touch on the target-rich environment in mobile applications as well as the types of applications targeted.
The talk will then move on to concrete examples of how and why mobile applications and platforms are susceptible to the kind of hacking and attacking just presented.
Starting with an overview of iOS, the iPhone/iPad platform and the ways it is attacked will be presented, including why data is leaked and how developers can defend against it.
The presentation will then continue into explaining how Android is different - not better or worse, but merely different. Again, it will touch on how Android is attacked, how data is leaked and how developers can defend on this platform.
The talk will wrap up by speculating about the future of mobile security and mobile application penetration testing.
Throughout the presentation, real-world (though, obviously, sanitized) examples from real penetration tests conducted over the past few years at SpiderLabs will be used as illustrations. Where appropriate, there will be demonstrations of some of the points with live or recorded demos of the issues and techniques discussed.
As usual, we expect there to be a lively discussion and tough questions following the talk.

The Speakers

Charles Henderson

Bio TBA

Mike Park

Mike Park is a Managing Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years of experience building and securing software for a variety of companies. Mike is a CISSP and specializes in application security assessment, penetration testing, reverse engineering and the secure development life cycle. Mike is an active member of the Ottawa ISSA.
