MobAppSecTriathlon

Blog home for Gunnar Peterson (@OneRaindrop) and Ken van Wyk (@KRvW) for topics related to our joint Mobile App Security Triathlon events. For more info, see our website: www.MobileAppSecTriathlon.com Contact us to schedule a MobAppSecTriathlon at your organization.

Wednesday, June 18, 2014

Interview on Mobile Wallets

Here is a recent interview I (Gunnar here) did with IBM Security strategist Diana Kelley on Mobile Wallet security. Diana covers w...

Wednesday, May 28, 2014

Mobile Security: Defending the New Corporate Perimeter

Here is a keynote talk I gave at the Cloud Idenity Summit - I gave the talk awhile back but these topics keep coming up and thought it woul...

Wednesday, February 5, 2014

Open Letter to Satya Nadella, Re: Mobile Identity

Dear Satya Nadella, Congratulations on your new role. I am excited that the board picked not only a tech CEO, but a middleware guy. There...

Tuesday, April 2, 2013

Mobile Session Management - Which Session?

Session management vulnerabilities are tricky. They are highly dependent on context. Identifying session fixation, session replay and the li...

Friday, March 22, 2013

Security Implications from One Year on Mobile Only

Benjamin Robbins (@PaladorBenjamin) just completed 52 solid weeks working solely on mobile. Of course there were some issues, but he did it ...

Tuesday, March 19, 2013

US FTC fires a warning shot in the mobile software security wars

If you weren't looking carefully, you probably weren't even aware of it. (Indeed, I hadn't seen it until I read John Edwards'...

Schneier Says User Awareness: Tired, Dev Training: Wired

Bruce Schneier tackles security training in Dark Reading . He basically says that training users in classic "security awareness" t...

Monday, March 18, 2013

ANNOUNCING: MobAppSecTri Scholarship Program

For our upcoming three-day Mobile App Sec Triathlon in New York City on April 29 - 1 May, we are once again running a student / intern sc...

Wednesday, March 13, 2013

What can/should the mobile OS vendors do to help?

Mobile device producers are missing important areas where they can and should be doing more. What makes me say this? Well, I was talking w...

What Comprises a Mobile DMZ?

I have a new post on the Intel blog on Mobile DMZs . The post looks at what part of Identity and Access Management, Defensive Services and E...

Wednesday, February 20, 2013

Android adds a Secure Default for Content Providers

Security requires some thought in design, lots of developer attention in secure coding, but there are gaps that the platform can close that ...

Sunday, February 17, 2013

To understand the iOS passcode bug, consider the use case

If you follow any of the iOS-related new sites in the last few days, you'd have to be aware of a security bug that has surfaced in Appl...

Wednesday, February 13, 2013

The front lines of software security wars

There are wars being fought out there, and not just the ones we hear about in the media. I'm talking about "software security wars&...

Wednesday, February 6, 2013

Buyer Education for Avoiding Mobile Dim Sum Surprise Projects

Recently I did a talk at OWASP Twin Cities on building a mobile app security toolchain. The talk went pretty well, lots of good questions. O...

Thursday, January 31, 2013

The Next Mobile Wave- NYEAABTODADWI

Security departments are getting spun up over BYOD and its younger brother COPE (Company Owned, Personal Enabled). I suggest a new approach...

Tuesday, January 22, 2013

How's your 2013 mobile app security fitness coming along?

In my Computerworld column this month, I described how being secure is in some ways similar to being fit. There's good reason why Gunna...

Friday, January 11, 2013

What's the Worst Security Posture for Mobile?

To say its early days in Mobile is an understatement. To say its early days in Mobile security is (and I know its only January) an early ca...

Thursday, November 1, 2012

Android Hacked in Ethiopia

Now this is a lede : "What happens if you give a thousand Motorola Zoom tablet PCs to Ethiopian kids who have never even seen a print...

Tuesday, October 16, 2012

You're not counting on your app store, are you?

Today's mobile app stores, like Apple's App Store (via iTunes), review the software in their stores before the public can download...

Tuesday, October 9, 2012

Mobile Brings a New Dimension to the Enterprise Risk Equation

In yesterday's blog we looked at Technical Debt, and how its infosec's habit to lag technology innovation. In the big picture, this...

View web version

Contributors

KRvW
gunnar

Powered by Blogger.