Runtime Manipulation of Android and iOS Applications
Dan Amodio, David Lindner at AppSec USA 2014
With over 1.6 million applications in the Apple AppStore and Google Play store, and around 7 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all play an important role in the overall security posture of a mobile application. Part of being a pen tester of mobile applications is understanding how each of the security controls work and how they interact. One powerful way to test the security and controls of our applications is to utilize runtime analysis and manipulation. Many tools exist to manipulate how an application works, both iOS and Android.
This hands-on skills course will help students learn how to improve their mobile security toolbox. The skills course will utilize tools such as cycript, snoop-it, jdb, etc for runtime manipulation and memory analysis. After the course, students will be able to get better results from their mobile application security testing.
Speakers
Dan Amodio
Principal Consultant, Aspect Security
As a Principal Consultant, Dan manages and defines Aspect Security's line of Assessment Services-- helping organizations quantify their security risks from design to implementation. He works with staff and clients to develop the team members and deliverables.
David Lindner
Managing Consultant and Global Practice Manager, Aspect Security
David Lindner, a Managing Consultant and Global Practice Manager, Mobile Application Security Services at Aspect Security. David brings 15 years of IT experience including application development, network architecture design and support, IT security and consulting, and application security. David's focus has been in the mobile space including everything from mobile application penetration testing/code review, to analyzing MDM and BYOD solutions.
This hands-on skills course will help students learn how to improve their mobile security toolbox. The skills course will utilize tools such as cycript, snoop-it, jdb, etc for runtime manipulation and memory analysis. After the course, students will be able to get better results from their mobile application security testing.
Speakers
Dan Amodio
Principal Consultant, Aspect Security
As a Principal Consultant, Dan manages and defines Aspect Security's line of Assessment Services-- helping organizations quantify their security risks from design to implementation. He works with staff and clients to develop the team members and deliverables.
David Lindner
Managing Consultant and Global Practice Manager, Aspect Security
David Lindner, a Managing Consultant and Global Practice Manager, Mobile Application Security Services at Aspect Security. David brings 15 years of IT experience including application development, network architecture design and support, IT security and consulting, and application security. David's focus has been in the mobile space including everything from mobile application penetration testing/code review, to analyzing MDM and BYOD solutions.