CanSecWest Vancouver 2013

Site menu:

Register | Conference | Dojo | Speakers | Agenda | Slides | Hotel & Travel | Contact

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Exploiting and Defending Mobile

Register for March 2-3 Course
Register for March 4-5 Course

Instructor(s):
Subu Ramanathan
Patrick Szeto

Description

Students will discover mobile hacking techniques for Android and iOS. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.

This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.

Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.

Learning Objectives

• Perform attacks against sample mobile apps to understand the weaknesses that exist in the current device security models
• Implement secure coding techniques into your mobile development lifecycle to protect your mobile apps from high risk attacks
• Communicate mobile device security threats and the risks associated with mobile devices from an enterprise perspective

Lab Environment

• ExploitME Mobile (EMM) vulnerable banking application
• Labs will be performed on the iOS Simulator and Android Emulator
• Android Labs will be delivered on an Ubuntu VM via USB
• iOS Labs will be run on OSX Mountain Lion with XCode 4+
• Secure Coding techniques for Android and iOS by mapping vulnerabilities in EMM to code fixes

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Agenda

Day 1:

• Introduction
• Device Security Model
• Protocol Analysis
• Device File System Analysis

Day 2:

• Mobile App Decompilation
• Multi-platform Development
• Mobile HTML5 Web
• Device API Weaknesses
• Other Mobile Topics

Taget Audience

• Mobile Developers
• QA / Analysts
• Security Testers

Prerequisites

iOS & Android Labs:

• Macbook
• OSX 10.8 Mountain Lion
• Intel Core i5 (or better)
• 4GB RAM
• DVD Drive

Android Labs Only:

• Intel Core i5 (or better)
• 4GB RAM
• VMWare Player / VMWare Fusion
• DVD Drive

Sponsors:

More Information:

Sponsorship Information | Valid XHTML | Valid CSS

Wise words:

"Sen Sen No Waza - to strike the opponent after he has formed the intention to attack and has committed to a specific motion."

Copyright © dragostech.com inc. All Rights Reserved.