Overview
Syllabus
Intro
Mobile Powers the World, But Mobile Risk is Pervasive
Mobile Security Challenges by the Numbers
Web & Mobile are Fundamentally Different
Understand the Mobile Attack Surface
Understand the Anatomy of a Mobile Attack
Get started on the right path
Leverage OWASP Mobile Project
Use all Your Senses
Learn the Mobile Attack Surface
Changes in MASVS - Platform Interaction
Sensitive data leaks like an overfilled drink
Changes in MASVS - Data Storage
Don't cringe at client-side security controls
Test network on mobile
Don't water down auth & session mgmt
The order matters: Test first, then resilience
Framework for Setting Policy
Don't mix up Security & Privacy, Not the Same
The flavor palate varies widely
Buy a dev a drink, and they might buy you one too
Tony's Mobile Top Ten Recipe
Summary Recommendations
A Sampling of OSS Tools
Leverage Mobile AppSec Testing Checklist
Build Security Into Your SDLC
Taught by
OWASP Foundation