Title: Putting the Smart into Smartphones: Security Testing Mobile Applications
Dan Cornell, Principal, Denim Group, Ltd.
Wednesday, June 6, 2012
12:25 PM PT - 1:25 PM PT
Security testing techniques for web applications are fairly well understood and documented. However, mobile applications have different threat models than web applications and rely on different technologies; therefore, the goals of mobile application security testing are different, as are the techniques. This presentation outlines a basic threat model for a mobile application and walks through concerns an application developer might have when deploying the application. Different testing techniques that can be used to gain insight into the security properties of the application are discussed, and comparisons are made to the testing of web applications and other software to demonstrate the similarities and differences when dealing with mobile applications. Examples are given for both iPhone and Android platforms, but the general techniques apply to any mobile application platform.
About Dan Cornell
Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.