1. InfoconDB
  2. OWASP
  3. AppSec USA 2015
  4. OWASP Reverse Engineering and Code Modification Prevention Project (Mobile)

OWASP Reverse Engineering and Code Modification Prevention Project (Mobile)

Presented at AppSec USA 2015, Sept. 25, 2015, 10:30 a.m. (55 minutes)

In this hands-on workshop session, Arxan Technical Director Jonathan Carter will show you how to reverse engineer and crack mobile apps and SDKs using freely available tools. Carter will highlight some of the key binary risks (reverse engineering, method swizzling, etc.). Participants will use jailbroken mobile devices / Mac workstations (provided by Carter) to perform actual binary attacks. This particular workshop was highly acclaimed at last year's AppSecUSA 2014 and will be delivered at this year's AppSecEU 2015. Very positive feedback from last year's 2014 workshop attendees has been captured and available for review here: https://www.owasp.org/images/e/e3/OWASP_Mobile_App_Hacking_%28AppSecUSA_2014%29_Feedback.pdf

Presenters:

  • Dave Bott
    Dave has been working in the software industry for over 20 years, firstly in Europe, then Asia and the USA. Initially focused on real time operating systems (RTOS), he worked extensively with major defense and telecom companies. As an application security sales engineer, he is passionate about educating customers on risk analysis and threat mitigation.Dave earned a Bachelors Degree in Computing and Information Systems from Manchester University in the UK, and is a naturalized US Citizen.
  • Jonathan Carter - Application Security Strategist - Lending Club
    Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, United States, Australia, and England.  As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security. Jonathan's technical background in artificial intelligence and static code analysis has lead him to a diverse number of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, Security Governance lead, and Technical Director. He is the project lead of the the OWASP Mobile Security Group, owner of the OWASP Reverse Engineering and Code Modification Prevention Project, and lead application developer for the OWASP iGoat project.

Links:

Similar Presentations: