Back To Schedule
Wednesday, November 20 • 3:00pm - 3:50pm
Advanced Mobile Application Code Review Techniques

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Advanced Mobile Application Code Review Techniques
Learn how Mobile experts blend their techniques in order to accelerate code reviews. While reviewing Windows Phone 8, Hybrid or HTML 5 applications, you will love these handy tricks that help in detecting famous and a few not-so-famous flaws. Using demonstrations and code snippets, we will highlight the benefits of blended techniques in comparison with those of simple scanning or manual testing. You will also learn how to reduce the time taken for review and obtain a ready-to-use checklist.
Objectives: • To give live demonstrations of the most common insecurities found in Windows Phone 8, HTML5 or Hybrid applications.
• To share tested and proven methods of discovering insecurities via code reviews.
• To learn how to efficiently conduct source code reviews for mobile applications.
• To develop a checklist for Mobile Code Reviews.

An emerging trend is the use of smart phones for financial transactions. As usage of mobile devices grow, concerns on security for mobile transactions also grow. With the demand for M-Commerce and M-Banking applications rising, Mobile application developers should be aware of what flaws they may inadvertently introduce.
This presentation is intended to provide an insight into coding-related flaws present in mobile applications. It is aimed at providing you with a targeted and efficient approach towards the discovery of these flaws in your mobile application code. As Windows Phone 8, HTML 5 and Hybrid mobile technology are the latest popular mobile platforms or technology, we would focus on these areas during this presentation. The content of the talk is outlined below: • Introduction to Mobile Applications • Threats to mobile applications
• Advantages of "Mobile Code Reviews"

• Windows Phone Insecurities (with demonstrations using vulnerable code as well as secure code) • Attacks on data stored in the device 
• Malwares present in the application, which send unauthorized SMSs or make unauthorized calls.
• Incorrectly implemented application encoding and encryption.
• Tapjaking
• Other hacks

• HTML5 Insecurities (with demonstrations using vulnerable code as well as secure code) • Insecure Data validations and injection based attacks
• Client side data caching and storage
• Client side reflection based attacks
• Insecure Network Connections
• Other hacks

• Hybrid Technology Mobile Insecurities • A gist of the insecurities with respective discovery techniques and solutions.

• Advanced Mobile Code Reviews • The checklist compiled so far during the presentation
• Handy tricks for Mobile Code Reviews
• A quick demonstration of the discovery of vulnerabilities in a vulnerable application

• Conclusion

avatar for sreenarayan a

sreenarayan a

Security Product Lead, Capital One
Sreenarayan is currently working as an Independant Information Security Consultant. He was the principal researcher in the Mobile Application Security Team at Paladion, having developed Paladion's Android, iOS, Windows Mobile, BlackBerry Gray Box and Code Review checklists, and has... Read More →

Wednesday November 20, 2013 3:00pm - 3:50pm EST
Belasco & Broadhurst (5th Floor) NY Marriott Marquis

Attendees (0)