OWASP AppSec DC 2012/Training/Mobile Hacking and Securing

Description
Course Length: 1 Day

Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems. This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks. Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.

Student Requirements

 * 1) Laptop w/ minimum 2GB RAM
 * 2) Latest version of VMWare Player, Fusion, or Workstation

Objectives
Audience: Technical Skill Level: Intermediate

Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks  Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective

Instructors
Max Veytsman Max Veytsman is a Security Consultant with Security Compass, where he specializes in web and mobile security assessments. He is currently leading Security Compass's training development in the mobile space. Max has provided mobile security presentations and training at such conferences as SecTor and ToorCon.

'''Patrick Szeto" Senior Security Consultant Patrick Szeto is a Security Consultant with a strong background in information security spanning over a decade. He is a specialist in application security reviews, source code analysis, and secure coding methodologies.Patrick has performed extensive application security assessments for various Fortune 500 clients in the information technology, financial services, data management, telecommunications, national retail and health care sectors. Patrick has also developed vulnerability signature detection tools and application security testing tools and served as a trainer and advisor for an independent vulnerability research team.