When
9:15 AM Sunday
Where
R2-222
Silicon Valley Code Camp: October 3rd and 4th 2015 session

Is Your Mobile App Secure?

Anyone developing mobile apps should know how to perform simple security audits, to detect simple errors like plaintext transmission and broken SSL implementations. I'll show you how to easily find such problems.

About This Session

It's easy to audit Android app security, and very important, because most of them have one or more of the OWASP Mobile Top Ten Risks. I tested the top ten US bank apps, stock trading apps, and insurance apps, and 70% of them were insecure. I'll demonstrate several real vulnerable apps, and show how to find SSL validation failures and how to add Trojan code to a vulnerable app to create a Proof-of-Concept. Complete instructions for all these tests are available free at samsclass.info.


The Speaker(s)


Sam Bowne

Instructor, Computer Networking and Information Technology, City College San Francisco

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at CodeCamp, DEFCON, BayThreat, LayerOne, and Toorcon, and taught classes and seminars at many other schools and teaching conferences. He has a Ph.D. and a CISSP and a lot of other certifications, and a lot of computers and cables and firewalls and stuff.