james.mcgovern at hp.com
Wed May 18 11:27:18 EDT 2011
Curious to know how many static analysis tools cover Objective C or some of the other languages used in mobile development.
From: steve jensen [mailto:sjensen1207 at hotmail.com]
Sent: Wednesday, May 18, 2011 11:26 AM
To: McGovern, James; owasp-mobile-security-project at lists.owasp.org
Subject: RE: [Owasp-mobile-security-project] Movement
With regards to #3c, there are several static analysis tools available that can analyze the VB code, since it's .NET and decompiles back down to MSIL.
> From: james.mcgovern at hp.com
> To: owasp-mobile-security-project at lists.owasp.org
> Date: Wed, 18 May 2011 13:06:08 +0000
> Subject: Re: [Owasp-mobile-security-project] Movement
> A few questions/thoughts:
> 1. Was thinking that the use cases for mobile vary somewhat between consumer and enterprise. Consumers rely on the vetting process of the respective stores such as Apple's iphone store, etc while enterprises such as insurance carriers may develop an application solely for their own usage. Minimally in these scenarios, considerations around deployment will change. In order to make deployment easier, would it make sense to provide guidance on breaking cell phone security or at least figuring out how to load an application on a phone without either loading onto the store or having a developer connect locally?
> 2. I have looked at the Microsoft WM7 and am curious if we have thoughts around (a) a phone supporting sockets (b) lack of robust crypto apis (c) lack of robust tools to do static analysis on code written in VB
> 3. How do we want to capture the nuances between different OS? Eg. Apple vs Android vs WebOS vs WM7, etc
> 4. Have we missed an opportunity for OWASP at large to bring in corporate members such as Nokia, Samsung, LG, etc by leveraging this project?
> Owasp-mobile-security-project mailing list
> Owasp-mobile-security-project at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-mobile-security-project