This talk will introduce the audience to mobile application security and the vulnerabilities affecting mobile software today. Multiple real-world vulnerabilities found by the speaker will be discussed.
It's been 7 years since I had to test the security of a mobile application for the first time, having almost no experience in the subject.
During this time, I had the opportunity to experiment, learn and analyze a large number of applications on multiple platforms (J2ME, Android, iOS, BlackBerry, Windows Phone), give talks and trainings, and was able to catch a view of the current state of security in mobile app development.
The idea behind this talk is to share with the attendees what I've learned during these years, the most common security vulnerabilities when developing for mobile devices, some real examples (FAILs) from projects I have worked on and show some live demonstrations.
The OWASP Mobile Top 10 project will be discussed and compared to the Web version.
The examples shown will be from different kinds of mobile apps that were tested by the speaker, and will cover the following kinds of vulnerabilities. All the examples will be taken from real applications.
Attendees will leave the talk with the necessary knowledge to take the first steps into the mobile app security world, as well as knowing what kinds of vulnerabilities can affect software they use or develop.