iOS Application Defense - iMAS

Presented at AppSec USA 2013, Nov. 21, 2013, 10 a.m. (50 minutes)

Video of session: https://www.youtube.com/watch?v=TRDT8O2G56o&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=32

iOS application security can be *much* stronger, and easy for developers to find, understand and use. iMAS (iOS Mobile Application Security) is a secure, open source iOS application framework research project focused on reducing iOS application vulnerabilities and information loss. Today, iOS meets the enterprise security needs of customers; however, many security experts cite critical vulnerabilities and have demonstrated exploits, which in turn pushes enterprises to augment iOS deployments with commercial solutions. The intent of iMAS is to protect iOS applications and data beyond the Apple-provided security model and to reduce the adversary's ability and efficiency to perform recon, exploitation, control and execution on iOS mobile applications. iMAS has released five security controls (with many more being researched) for developers to download and use within iOS applications. This talk will walk through various iOS application vulnerabilities, the iMAS security controls, the OWASP Mobile Top 10 and CWE vulnerabilities they address, and demonstrate the iMAS App Password control integrated into an application.

Presenters:

  • Gregg Ganley - Principal Investigator iOS Security Research - MITRE Corp
    23+ years of software development and management experience. Education: MSCS, BSEE. Active research and development in iOS security, Android development, Ruby on Rails web apps, and project leadership. For the past five years his passion has been the mobile field, and mobile security in particular, where he is the Principal Investigator of iMAS (iOS Mobile Application Security), a collaborative research project from the MITRE Corporation focused on open source iOS security controls. iMAS currently has thirteen (13) security controls open sourced on GitHub, ready for download and use. More at http://project-imas.github.io
