FROC2010 Abstract Zusman2
The Presentation: "What's Old Is New Again: An Overview of Mobile Application Security"
The ever-increasing prevalence of mobile devices brings with it a slew of security problems. Applications running directly on mobile devices (and web apps optimized for mobile clients) are ripe for the picking even by unsophisticated attackers. The attack classes that once applied to traditional network-facing, fat client, and web applications are now valid for mobile apps as well. Insecure authentication and access control, home-grown crypto, and memory management problems are just some of the issues resurfacing on this new frontier. This presentation will discuss the security of some of the most popular applications running on mainstream mobile platforms such as Android, iPhone, BlackBerry, and Windows Mobile.
Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. He has performed security assessments for numerous clients, including Fortune 500 companies and higher education institutions. Prior to joining Intrepidus Group’s professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach has also presented at the MIS Training Institute's InfoSec World, IT Security World, and FinSec conferences, as well as Boston-area security professionals' groups, on topics such as open source security tools, security in virtualized environments, and vulnerability disclosure.
Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat, and regional OWASP events. Mike also speaks and teaches about information security at NYU/Polytechnic University. Mike brings 11 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP Foundation.