Mobile Application Security: Who, How and Why

Presented by:

Mike Park, Managing Security Consultant

Trustwave SpiderLabs

© 2012

Who Am I

• Mike Park
  • Managing Consultant, Application Security Services, Trustwave SpiderLabs
  • 14+ years of app development and security experience
  • Java, C/C++, ObjC, Python, Ruby, JavaScript
  • x86 and ARM v7 ASM with some exploit development and reverse engineering

Topics

What we'll cover

• The Big Picture
• Attack Points
• Fun with Android
• Fun with iOS
• Developer Guidelines
• Conclusions

The Big Picture

The Big Picture

• What are people doing here?
  • Stealing money and information
  • Embarrassing people
  • Getting famous
  • Breaking out of restrictive application licensing and functionality
  • Breaking out of restrictive platforms
  • For the lulz...
• People inherently trust new technology
  • "It's magic"...

The Big Picture

• Apps in the Press


The Big Picture

• Targets
  • Based on the Trustwave 2012 Global Security Report, which draws on 300 data breaches in 18 countries
  • Industries targeted: Food and Beverage (43.6%) and Retail (33.7%) are the largest: 77.3%.
  • Info targeted: PII and CHD 89%, Credentials 1%
  • For mobile, most device platforms are targets of banking Trojans

The Big Picture

• Why
  • Development is focused on features, not security
  • Developers are unaware of the underlying platform
  • Users don't even have security on their radar
  • Users are easily social engineered
  • New technology is "magic", remember?
