Here are the slides from my recent webinar. Sorry about the delay!
Category Archives: Android
It’s not too late to register for my webinar on July 12th: Android vs. Apple iOS Security Showdown. I’ll be taking a entertaining look at the current security posture of both platforms. I’ll be battling the Apple App Store vs. Google Play, device updates, MDMs, developer controls, security features and the current slew of vulnerabilities for both platforms. Which one will emerge the victor? Register for my webinar on July 12th to find out!
This week I co-presented “Smart Bombs: Mobile Vulnerability and Exploitation” with John Sawyer and Kevin Johnson at OWASP AppSec DC. We talked about the some of the current problems facing mobile applications such as flaws found in the OWASP Mobile Top 10 and various privacy issues. We also talked about how you go about testing mobile applications from the application layer (HTTP) down to the transport layer (TCP) and file system. I highly recommend you take a look at John’s file system testing methodology as he takes more of a forensic approach which works really well. The takeaway from the talk is that you need to look at all these areas when testing mobile apps and mobile apps are growing area of concern from a security and privacy perspective.
One update we forgot to mention in the talk is that you should use Mallory, which is a transparent TCP and UDP proxy for testing mobile applications. This is an excellent tool created by the guys at Intrepidus Group. We’ve found that some apps will bypass proxy settings and lots of apps are sending data over binary protocols and more. Mallory is the tool you need for testing any mobile app fully!