Title: Mobile Applications & Proxy Shenanigans
With over 5 Billion mobile devices presently in use, mobile applications enable new threats and attacks which introduce significant risks to organizations. As such, it is imperative that we perform our normal application security procedures on all mobile applications, including pen testing and code reviews. Pen testing mobile applications has proven to be difficult when typical application security testing practices are employed. Proxying mobile traffic for examination and modification is anything but straightforward and every application presents its own, unique challenges. David and Dan will explain the issues that arise when trying to proxy mobile application traffic. Join Dan and Dave as they provide guidance and a roadmap so that you may overcome these obstacles.
Dan Amodio,Application Security Engineer, Aspect Security
Dan Amodio is an Application Security Engineer at Aspect Security, where he provides services to a variety of clients. His experience spans a wide variety of IT departments to include software development, penetration testing, code review, architecture review, and technical support of hardware and software. He has over 10 years of programming experience in a variety of languages and actively participates in open source and software security communities.
Outside of work, Dan enjoys spending time with his wife and daughter. He is a longtime musician, and exercises his attention to detail through performing, recording and sound engineering.
David Linder, Global Practice Manager, Mobile Application Security Services and Managing Consultant, Aspect Security
At Aspect Security, David’s primary focus is on mobile application security and proactive mobile forensics. David specializes in application penetration tests by using a combination of manual testing methods and tools. During his 12 years of experience in application development, network architecture design and support, and IT consulting, David has supported clients in the financial, healthcare, government, manufacturing and retail sectors.
David holds an M.S. degree in Computer Engineering & Information Assurance from Iowa State University that is recognized by the NSA as a National Center of Academic Excellence in Information Assurance Education. David received a B.A. with a triple major in Computer Science, Physics & Mathematics from Wartburg College in Waverly, Iowa.
Date:Thursday October 25, 2012 10:00am - 10:45am
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel. Checkmarx Room