OWASP ATL: Mobile Application Assessment Presentation
I recently gave a presentation at OWASP ATL on the OWASP Mobile Top 10 and how to assess mobile applications. This was a lightweight discussion of the OWASP Mobile Top 10 and some topical and technical concerns related to securing mobile applications.
These videos show various testing techniques on real applications. The applications targeted didn’t have any serious problems. In the case of the game “WordFeud”, a Scrabble clone, the game maintained game state on the server, and tampering with client-side values did not yield any interesting results. The SoundCloud demonstration shows how it uses the iOS data protection API to avoid storing OAuth tokens in the application’s file sandbox and instead uses the Keychain.
Video Demo Series Here:
iPad SSL MiTM
- http://www.youtube.com/watch?v=0453HDZYdGU
- http://www.youtube.com/watch?v=kZ1pKShrKyk
- http://www.youtube.com/watch?v=NvyM1wzwT2o
- http://www.youtube.com/watch?v=HRRqL7IAkJw
- http://www.youtube.com/watch?v=24FT-plmjAs
iOS Application MiTM
- http://www.youtube.com/watch?v=Hgk310uUdjI
- http://www.youtube.com/watch?v=x1T6kjtcpLw
- http://www.youtube.com/watch?v=0VwJ1bss5wA
- http://www.youtube.com/watch?v=50NAa324WC0
- http://www.youtube.com/watch?v=btl147-ioKQ
- http://www.youtube.com/watch?v=5YFC2L0vapM
- http://www.youtube.com/watch?v=UL6mjywzBwU
SoundCloud and Data Protection

