Loading…
Welcome to the full schedule of the OWASP AppSec Research EU 2013 training days. You’ll find the schedule for the conference days at http://sched2013.appsec.eu
Back To Schedule
Tuesday, August 20 • 9:30am - 5:30pm
Mobile Application Hacking and Security - OWASP Top 10 Way

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mobile application hacking and its security is becoming a major concern in today’s world. In the last few years we have seen a range of new attack vectors and methods of exploitation for these devices. Smart phones and tablets running on iPhone, Android, Windows and Blackberry have taken over the market in frenzy. With an introduction to html5 and native support on most of the mobile platforms, it really becomes interesting how security of mobile devices is shaping up. In today’s world email, social networking, banking everything is possible on the go with Smart phones and derived applications. These Smart phones are now equipped with features like data, Wi-Fi, voice and GPS functions and applications can leverage these features. The sudden growth in the number of applications available for these smart phones does raise a certain level of concern for the user’s security and server supporting these applications. Mobile applications are vulnerable to various sets of different attacks like local storage, user data harvesting, activity spying, unauthorized event injection, UI Jacking, Tab Jacking, Traffic redirection, Logical attacks, hard coded keys and a few other. At the same time Mobile applications are taken with server side over HTTP/HTTPS, it opens up few possible attacks on Web Services and APIs. The server side applications can be attacked with Injections. Several new technology stacks are evolving over Mobile like HTML5 and Silverlight which opens up new attack surface. In this context it is imperative for IT professional and corporate application owners understand these attack vectors along with a mechanism for securing. The class features real life cases, live demos, live hacking, code scanning and defense plans. The following topics will be covered during the class.

Speakers
avatar for Hemil Shah

Hemil Shah

Hemil Shah, CISSP, CSSLP, ACP is the founder and Director of eSphere Security, a company that provides Professional services in Security Arena. He has worked with HBO, KPMG, IL&FS and Net-Square in security space. He has published several advisories, tools, and Whitepapers, and has... Read More →


Tuesday August 20, 2013 9:30am - 5:30pm CEST
Freiraum II Emporio