"Mobile Applications Security Testing (iPhone/iPad, Android, J2ME) - Approach, Methodology and Demonstrations"

Suhas Desai, Senior Consultant, Aujas Networks

Introduction

The purpose of this tutorial is to focus on trends in mobile applications security, risks in mobile applications, the need for mobile applications security testing, approach / methodology and demonstrations for iPhone/iPad, Android and J2ME mobile applications security assessment. This tutorial will also focus on best practices to mitigate these risks.

Wide acceptance of mobile technology is a leading security concern as well. Mobile applications work over various communication channels: SMS, USSD and IP-based communications. In recent times, major security flaws in these communication channels, application design, database storage and cryptography, along with implementation errors, have become a prime concern for service providers.

Some critical threats, such as fraudulent transactions, request/response manipulation, weak encryption and insecure message communications, directly cause revenue loss for mobile application service providers. This is motivating companies to look at mobile applications security very seriously.

In this tutorial, detailed discussions and demonstrations for critical mobile applications (iPhone/iPad, Android and J2ME) security assessment will be carried out.

Intended Audience

This session is beneficial for an intermediate level technical audience in mobility; mobile applications architects, security professionals, application designers, developers and testing professionals.

Key takeaways

  • In-depth discussions and demonstrations of major security tests on iPhone/iPad, Android and J2ME applications will help the technical audience learn how to assess these mobile applications and mitigate the risks.

  • The focus on mobile applications’ security best practices, mitigation approaches and methodologies for critical risks will be helpful in enhancing security in mobile applications.

Content Flow

  • Trends in Mobile Applications Security
  • Risks in mobile applications
  • Why Mobile Application Security?
  • Security Assessment Approach and Methodology
  • Demonstrations
    • J2ME Application Security Test
    • Android Application Security Test
    • iPhone/iPad Application Security Test 
  • Mobile app development: Differences from traditional approach
  • Best practices to secure Mobile Apps
  • Case Studies:
    • Securing Enterprise Mobile Applications
    • Securing Mobile Payment Applications

 

Speaker's Profile

Suhas Desai, Senior Consultant, Aujas Networks

Suhas Desai is a distinguished Senior Consultant at Aujas Networks. At Aujas, he handles Mobile Security Services and is responsible for their growth. His extensive experience in Mobile Technology spans iApps Security, Mobile PKI, Mobile Apps (iPhone/iPad, Android and J2ME), USSD / DSTK Apps, Mobile VAS, SIM card and Mobile Payments Security services. Prior to joining Aujas Networks, he worked with Tech Mahindra.

A frequent speaker at prominent industry and customer forums, Suhas has been on technical advisory committees for prestigious National and International conferences. He has delivered over 350 conference talks on software & mobile security across the globe including OSSPAC’09, Singapore; INTEROP 2009, Mumbai; STeP-IN 2010 Bangalore; MOSC 2010, Kuala Lumpur; OSBizConference 2010, Malaysia; ‘Mobile VAS in Growth Markets summit’, 2010, Dubai; ClubHack 2009, Pune; c0c0n 2010, Cochin and ‘4th Mobile Commerce Summit ASIA’, 2011, Kuala Lumpur.

He is the proud author of several research papers for reputed journals and magazines in the Security, RFID and Image Processing domains. He also contributes features to Linux for You, Linux+ and Linux Journal magazines.