Enterprises are targeting both internal users and customers with smartphone applications for platforms such as Apple iPhone and Google Android. Many of these applications are constructed without fully considering the associated security implications of their deployment. Breaches can impact both users as well as the enterprise distributing the application as attackers take advantage of expanded access to sensitive data and network services. Threat Modeling is an established practice used to identify potential security issues before starting development and holds promise for organizations developing leading-edge smartphone applications. This talk discusses emerging threats associated with deploying smartphone applications and provides an overview of the Threat Modeling process. The presentation then walks through specific examples of how Threat Modeling can be most effectively used in the development of smartphone applications, helping proactively address potential design-level security issues that can be expensive and challenging to fix.
Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group’s security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.