As the prevalence of mobile devices and applications have exploded over the last few years, security and privacy have failed to keep pace. Mobile devices and applications are one of the hottest things out there right now. Fueling the fire is the convenience, ease of use and ease of creation that the mobile platforms have given us. But those same fuels are also driving mobile devices and applications to be a hotbed of security problems. Mobile devices have created millions of new developers, most of whom aren’t familiar with formal Software Development Lifecycles (SDLC), secure coding guidelines or attack techniques. This talk will addressthe OWASP Top Ten Mobile Risks and show how a proper SDLC framework can eliminate these risks. It will also include real examples where it makes sense and let you know what you can do, whether you’re a developer, buyer or just someone who uses mobile apps.
Rick Hayes serves as a Delivery Manager at a major security vendor and has more than 20 years of experience in vulnerability assessments, penetration testing, wireless security, mobile application security assessments and social engineering. Rick is a frequent speaker at industry conferences, such as DerbyCon, Outerz0ne, ShoeCon, Security B-Sides and many more. He is leading the development of the Penetration Testing Execution Standard Technical Guidelines. Rick is the host of the InfoSec Daily Podcast, which is the only daily podcast devoted to Information Security news, topics and discussions.
Karthik Rangarajan is a Principal Security Consultant focused on penetration tests and vulnerability assessments, who has been involved in the information security arena for the last 3 years. He has been writing programs, meddling with code and participating in developer hackathons for almost 6 years. His programming background gives him a good aptitude for static code analysis, as well as breaking down mobile applications for security assessments. Karthik is a co-host of the InfoSec Daily Podcast, which is the only daily podcast devoted to Information Security news, topics and discussions.