Mobile App Security Fails and How To Survive Them

Presented at TROOPERS18 (2018), March 15, 2018, 4 p.m. (Unknown duration)

This talk will introduce the audience to Mobile Application security and the vulnerabilities affecting mobile software today. Multiple real world vulnerabilities found by the speaker will be discussed.

It's been 7 years since I had to test the security of a mobile application for the first time, having almost no experience in the subject.

During this time, I had the opportunity to experiment, learn and analyze a large number of applications on multiple platforms (J2ME, Android, iOS, Blackberry, Windows Phone), give talks and trainings, and was able to catch a view of the current state of security in mobile app development.

The idea behind this talk is to share with the attendees what I've learned during these years, the most common security vulnerabilities when developing for mobile devices, some real examples (FAILs) from projects I have worked on, and to show some live demonstrations.

The OWASP Mobile Top 10 project will be discussed and compared to the Web version.

The examples shown will be from different kinds of mobile apps that were tested by the speaker, and will cover the following kinds of vulnerabilities. All the examples will be taken from real applications.

Attendees will leave the talk with the necessary knowledge to take the first steps into the mobile app security world, as well as knowing what kinds of vulnerabilities can affect software they use or develop.


Presenters:

  • Gustavo Sorondo
    Gustavo Sorondo is 33 years old and he is Cinta Infinita's CTO. He has worked on more than 100 information security projects in 6 countries and has delivered trainings in Penetration Testing, Web Application Security, Wireless Security and Mobile Apps Testing. He has also delivered talks and trainings at security conferences such as ekoparty, Segurinfo, DragonJARCon and OWASP Latam Tours and Appsec. In the academic field, he holds an Information Systems Engineer degree and is currently finishing his postgraduate studies in Information Security. In his spare time he likes to play music and is a snowboarding instructor. Additional information: https://www.linkedin.com/in/gustavosorondo
