OWASP AppSec DC 2012/Training/Mobile Hacking and Securing
Course Length: 1 Day
Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.
This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.
Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.
- Laptop w/ minimum 2GB RAM
- Latest version of VMWare Player, Fusion, or Workstation
Audience: Technical Skill Level: Intermediate
Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models
Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks
Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective
Max Veytsman is a Security Consultant with Security Compass, where he specializes in web and mobile security assessments. He is currently leading Security Compass's training development in the mobile space. Max has provided mobile security presentations and training at such conferences as SecTor and ToorCon.
Patrick Szeto is a Security Consultant with a strong background in information security spanning over a decade. He is a specialist in application security reviews, source code analysis, and secure coding methodologies.Patrick has performed extensive application security assessments for various Fortune 500 clients in the information technology, financial services, data management, telecommunications, national retail and health care sectors. Patrick has also developed vulnerability signature detection tools and application security testing tools and served as a trainer and advisor for an independent vulnerability research team.