Project Summit: Mobile Security Session

Presented at AppSec USA 2013, Nov. 19, 2013, 9 a.m. (240 minutes)

Just as the mobile security landscape has changed, so has the OWASP Mobile Project. Join us as we discuss the major milestones of 2013 and what is in store for the projects future. We will also go deeper in to the Mobile Top Ten project where we will discuss the decisions made on categories, vulnerability information, and look at some surprising vulnerability trends in mobile applications. During this session, we will cover: - OWASP Top 10 Mobile Risks, 2014 Refresh. - Mobile project 2013 achievements and the 2014 roadmap. - Increasing industry collaboration within the mobile security space.

Presenters:

• Daniel Miessler - Principal Security Architect - HP
  Daniel Miessler is Principal Security Architect with HP based out of San Francisco, California. He specializes in application security with specific focus in web and mobile application assessments, helping enterprise customers build effective application security programs, and speaking with executives about how to best leverage technologies and processes to reduce real-world risk. In his spare time he enjoys reading and writing, programming, rowing, and table tennis.
• Jack Mannino - nVisium
  Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android and code written in Scala. He's also an optimistic New York Mets fan, although that optimism slowly fades away every summer.
• Jason Haddix - Head of Penetration Testing - Fortify
  I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security. I also write articles for security publications and speak at security conferences whenever possible. I am a semi-regular player on the capture the flag team Shellphish, an academic hacking group based out of the University of California, Santa Barbara.

Links:

• https://appsecusa2013.sched.com/event/1gFtxrb/project-summit-mobile-security-session

Similar Presentations:

• DEF CON 17 (2009) / Is your Iphone Pwned? Auditing, Attacking and Defending Mobile Devices
• AppSec USA 2013 / 2 Day Pre-Conference Training: Securing Mobile Devices & Applications Training
• AppSec USA 2014 / Ten Secrets to Secure Mobile Applications