Difference between revisions of "OWASP AppSec DC 2012/Training/Mobile Hacking and Securing"

From OWASP
Jump to: navigation, search
(Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Students will discover mobile hacking techniques for Android and iPhone. They will under...")
 
 
(2 intermediate revisions by one user not shown)
Line 6: Line 6:
 
Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.<br><br>This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.<br><br>Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.<br>
 
Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.<br><br>This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.<br><br>Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.<br>
 
==Student Requirements==
 
==Student Requirements==
Laptop Required:
+
# Laptop w/ minimum 2GB RAM
Students Need to Bring:
+
# Latest version of VMWare Player, Fusion, or Workstation
Virtual machines with labs
+
  
 
==Objectives==
 
==Objectives==
Line 15: Line 14:
  
 
Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models<br><br>Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks<br><br>Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective<br>
 
Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models<br><br>Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks<br><br>Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective<br>
==Instructor==
+
==Instructors==
Maxim Veytsman, Oliver Ng
+
'''Max Veytsman'''
 +
 
 +
Max Veytsman is a Security Consultant with Security Compass, where he specializes in web and mobile security assessments. He is currently leading Security Compass's training development in the mobile space. Max has provided mobile security presentations and training at such conferences as SecTor and ToorCon.
 +
 
 +
'''Patrick Szeto'''
 +
 
 +
Patrick Szeto is a Security Consultant with a strong background in information security spanning over a decade. He is a specialist in application security reviews, source code analysis, and secure coding methodologies.Patrick has performed extensive application security assessments for various Fortune 500 clients in the information technology, financial services, data management, telecommunications, national retail and health care sectors. Patrick has also developed vulnerability signature detection tools and application security testing tools and served as a trainer and advisor for an independent vulnerability research team.
 +
 
 
[[Category:AppSec_DC_2012_Training]]
 
[[Category:AppSec_DC_2012_Training]]
 
{{:OWASP AppSec DC 2012 Footer}}
 
{{:OWASP AppSec DC 2012 Footer}}

Latest revision as of 12:13, 23 February 2012

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

Description

Course Length: 1 Day

Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.

This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.

Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.

Student Requirements

  1. Laptop w/ minimum 2GB RAM
  2. Latest version of VMWare Player, Fusion, or Workstation

Objectives

Audience: Technical Skill Level: Intermediate

Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models

Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks

Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective

Instructors

Max Veytsman

Max Veytsman is a Security Consultant with Security Compass, where he specializes in web and mobile security assessments. He is currently leading Security Compass's training development in the mobile space. Max has provided mobile security presentations and training at such conferences as SecTor and ToorCon.

Patrick Szeto

Patrick Szeto is a Security Consultant with a strong background in information security spanning over a decade. He is a specialist in application security reviews, source code analysis, and secure coding methodologies.Patrick has performed extensive application security assessments for various Fortune 500 clients in the information technology, financial services, data management, telecommunications, national retail and health care sectors. Patrick has also developed vulnerability signature detection tools and application security testing tools and served as a trainer and advisor for an independent vulnerability research team.


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg