Presented at
AppSec USA 2014,
Sept. 19, 2014, 9:30 a.m.
(45 minutes).
Many high profile mobile apps have been in the news for failures to use encryption, bad web service design, and privacy violations against users. Join us to get a grasp on how to threat model mobile applications and what the top vulnerabilities and solutions are for them. This talk will use the OWASP Mobile Top Ten as a framework and will introduce developers, testers, and management to techniques that will expedite the task of securing mobile applications.
Presenters:
-
Jason Haddix
- Head of Penetration Testing - Fortify
I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security. I also write articles for security publications and speak at security conferences whenever possible. I am a semi-regular player on the capture the flag team Shellphish, an academic hacking group based out of the University of California, Santa Barbara.
-
Daniel Miessler
- Principal Security Architect - HP
Daniel Miessler is Principal Security Architect with HP based out of San Francisco, California. He specializes in application security with specific focus in web and mobile application assessments, helping enterprise customers build effective application security programs, and speaking with executives about how to best leverage technologies and processes to reduce real-world risk. In his spare time he enjoys reading and writing, programming, rowing, and table tennis.
Links:
Similar Presentations: