Runtime Manipulation of Android and iOS Applications

Presented at AppSec USA 2014, Sept. 18, 2014, 2 p.m. (45 minutes)

With over 1.6 million applications in the Apple AppStore and Google Play store, and around 7 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all play an important role in the overall security posture of a mobile application. Part of being a pen tester of mobile applications is understanding how each of the security controls works and how they interact. One powerful way to test the security and controls of our applications is to utilize runtime analysis and manipulation. Many tools exist to manipulate how an application works, on both iOS and Android.

This hands-on skills course will help students learn how to improve their mobile security toolbox. The skills course will utilize tools such as cycript, snoop-it, jdb, etc. for runtime manipulation and memory analysis. After the course, students will be able to get better results from their mobile application security testing.


Presenters:

  • Dan Amodio - Principal Consultant - Aspect Security
    As a Principal Consultant, Dan manages and defines Aspect Security's line of Assessment Services, helping organizations quantify their security risks from design to implementation. He works with staff and clients to develop the team members and deliverables. Dan holds a security clearance and directly supports a variety of client projects. He leads mobile security efforts, security architecture and design reviews, code reviews, and penetration testing for clients in Government, educational, airline, and financial sectors. His expertise spans an array of IT disciplines including: application security, software development, systems administration, and technical support. He has over 10 years of programming experience in a variety of languages and actively participates in open source and software security communities. Outside of work, Dan enjoys spending time with his wife and daughter. He is a longtime musician, and does performing, recording and sound engineering.
  • David Lindner - Managing Consultant and Global Practice Manager - Aspect Security
    David Lindner is a Managing Consultant and Global Practice Manager, Mobile Application Security Services, at Aspect Security. David brings 15 years of IT experience including application development, network architecture design and support, IT security and consulting, and application security. David's focus has been in the mobile space including everything from mobile application penetration testing/code review, to analyzing MDM and BYOD solutions. David also specializes in performing application penetration tests utilizing commercial and freeware products as well as manual testing methods. David has written code in many different languages but specializes in Java/J2EE and Perl. David has supported many different clients including financial, government, automobile, healthcare, and retail. David holds an M.S. degree in Computer Engineering and Information Assurance from Iowa State University, recognized by the NSA as a National Center of Academic Excellence in Information Assurance Education. His Master's thesis was Creating Secure Web Applications and incorporating security throughout the Software Development Lifecycle (SDLC). David completed his undergraduate work at Wartburg College in Waverly, IA where he received a B.A. with a triple major in Computer Science, Physics, and Mathematics.
