Mobile Security on iOS and Android - Where the bodies are buried presented at OWASP AppSecAsiaPac 2012

by Mike Park

Tags: Security

Summary: "This will be a continuation and expansion of my talk on Android Security from AppsecUSA in September 2011. It will include new material on the mobile threat-scape, new material on iOS and additional examples from real life mobile penetration tests conducted by SpiderLabs Application Security Services.
We will start with a general review of the security landscape by Charles Henderson, with reference to our latest Global Security report and how it applies to the mobile application space. This will include who is doing the attacking and why. We will touch on the target-rich environment in mobile applications as well as the types of applications targeted.
We will then move on to concrete examples of how and why mobile applications and platforms are susceptible to the kind of hacking and attacking just presented.
Starting with an overview of iOS, we'll discuss the iPhone/iPad platform and the ways it is attacked, why data is leaked and how developers can defend against it.
We'll then continue into explaining how Android is different - not better or worse, but merely different. Again, we'll touch on how Android is attacked, how data is leaked and how developers can defend on this platform.
We'll then wrap up the talk by speculating about the future of mobile security and mobile application penetration testing.
Throughout the presentation, we'll use real-world (though, obviously, sanitized) examples from real penetration tests we have conducted over the past few years at SpiderLabs. Where appropriate, we'll demonstrate some of our points with live or recorded demos of the issues and techniques discussed.
As usual, we expect there to be a lively discussion and tough questions following the talk."