MobAppSecTriathlon

Blog home for Gunnar Peterson (@OneRaindrop) and Ken van Wyk (@KRvW) for topics related to our joint Mobile App Security Triathlon events. For more info, see our website: www.MobileAppSecTriathlon.com. Contact us to schedule a MobAppSecTriathlon at your organization.

Tuesday, October 16, 2012

You're not counting on your app store, are you?

Today's mobile app stores, like Apple's App Store (via iTunes), review the software in their stores before the public can download...
Tuesday, October 9, 2012

Mobile Brings a New Dimension to the Enterprise Risk Equation

In yesterday's blog we looked at Technical Debt, and how it's infosec's habit to lag technology innovation. In the big picture, this...
Monday, October 8, 2012

Line in the Sand on Subprime Security- Mobile Apps Can't Afford to Take on Technical Debt

If there is one thing that's crystal clear in Infosec it's that Infosec lags software innovation. It's a field where we are always playing...

Is SSL adequate for your iOS app?

How do you secure your iOS apps' network connections? Is it sufficient to simply use HTTPS in an NSURL object? The short answer is it de...
Thursday, October 4, 2012

What's In your Android Security Toolkit, Part 4

This is the fourth in a series of posts focused on building an Android Security toolkit. So far we have looked at access control services...
Friday, September 28, 2012

How do you think they'll attack your iOS app?

Write an app of any intrinsic value (either in user data, transactions, or whatever), and someone is going to attack it. It's 2012, aft...
Thursday, September 27, 2012

OAuth 2.0 - Google Learns to Crawl

Good news - Google is shipping OAuth 2.0 tools via Google Play. Wish this had happened years ago when the Android platform shipped but ...

How do you protect your users' sensitive data? -- iOS

What would you think of someone who spent [an enormous amount of money] and installed industrial/military grade locks throughout his house, ...
Wednesday, September 26, 2012

What's in Your Android Security Toolkit, Part 3

In the last two posts, we explored what goes into building an Android Security Toolkit, these are tools that developers can apply to minim...
Monday, September 24, 2012

APIs behaving badly -- iOS

Did you know there are several system-level information caches where sensitive data can hemorrhage from your iOS apps? That's right, eve...
Friday, September 21, 2012

An annotated bibliography of MobAppSec -- iOS Edition

In the past few months, we've seen the publication of several highly useful texts on different topics related to mobile app security. We...

Mobile App Sec is being left behind

When it comes to application security, mobile app sec ("MobAppSec" as we like to call it) seems to be getting some pretty abysmal ...
Tuesday, September 18, 2012

Building an Android Security Toolkit Part 2

In the last post, we started building out an Android Security Toolkit, things every Android developer should know about security. Access c...

ANNOUNCING: MobAppSecTri Scholarship Program

For our upcoming three-day Mobile App Sec Triathlon in San Jose, California on November 5-7, we are today announcing a student / intern sc...
Friday, September 14, 2012

PCI has gone mobile -- is your app ready?

The folks over at the Payment Card Industry (PCI) security standards council have just published their "PCI Mobile Payment AcceptanceS...
Thursday, September 13, 2012

iOS 6 and UDID deprecation

This is somewhat of a follow-up to my posting yesterday re what iOS devs should know about security-relevant changes to iOS 6. We've ...
Wednesday, September 12, 2012

iPhone 5 and what every (secure) developer should know

Well, the Apple iPhone 5 big event has come and gone, and what new stuff do we need to know from a security standpoint? For starters, the ...
Tuesday, September 11, 2012

What's in your Android Security Toolkit?

Ken van Wyk asks mobile developers - what's in your bag of tricks? From a security perspective Ken lists a number of critical things fo...
Monday, September 10, 2012

Is your mobile app ready for legalized Wi-Fi sniffing?

Sure, we've all known about network sniffing for many years, right? We've also known that sniffing a network we don't own is il...
Friday, September 7, 2012

Why We Train

Ken van Wyk asks what is in your Mobile App Security toolkit? I had planned to write a post responding to that, but saw the tweet below fro...

Contributors

  • KRvW
  • gunnar