This year's OWASP APAC conference was held in Sydney from Apr
11 to 14. Paladion was invited yet again to the OWASP conference, after Jaideep
& Siddharth presented at Gold Coast in 2009.
This time Dinesh and I conducted a training
class on “Mobile Applications & Security”, followed by a talk the next day on
“Advanced Mobile Application Code Review Techniques”.
About the Training: It was interesting to see some
web/mobile app developers and prospective mobile app developers in our
class. We started with mobile introductions and threat modeling. The rest of
our session focused on Android & iOS. We taught Android architecture,
development basics and security testing, and demonstrated security vulnerabilities via a
vulnerable application coded by our team. (The Android vulnerable application
can be downloaded from the Paladion Labs section at www.paladion.net.)
We did the same cycle for iOS applications. We concluded the class with a
discussion on the OWASP Mobile Top 10 Risks.
About the Talk: For half of the time we
discussed mobile application vulnerabilities from the code base,
focusing on Android & iOS application vulnerabilities.
Later we presented on automating static analysis to discover these
vulnerabilities at pace. We discussed the analysis logic & keywords for the
vulnerabilities. We have developed a batch script for Android, which we
demonstrated during the talk. It is also available for download at
Paladion Labs.
We got some good feedback from attendees. This gives us
an enthusiastic & satisfied feeling about the work we have been doing
for a while. We met some well-known security guys, hackers &
security enthusiasts. It was good to be part of a global conference &
attend the best talks in the industry. I personally loved Mike Park’s “Mobile
Security on iOS & Android”, Jason Haddix’s “Pentesting iOS Applications”,
Christian Frichot on BeEF and Justin Searle discussing Grid Apps Pentest.
Jeremiah Grossman presented some useful statistics during his keynote.
The OWASP Panel Discussion & the OWASP-sponsored dinner were also enjoyed by
most attendees.