[Owasp-mobile-security-project] Movement

[Chris Wysopal]

Veracode will be releasing support for static analysis of iOS apps written in Objective C by the end of June 2011. We currently support Android and Blackberry apps written in Java.

-Chris

From: owasp-mobile-security-project-bounces at lists.owasp.org [mailto:owasp-mobile-security-project-bounces at lists.owasp.org] On Behalf Of McGovern, James
Sent: Wednesday, May 18, 2011 11:27 AM
To: owasp-mobile-security-project at lists.owasp.org
Subject: Re: [Owasp-mobile-security-project] Movement

Curious to know how many static analysis tools cover Objective C or some of the other languages used in mobile development.

From: steve jensen [mailto:sjensen1207 at hotmail.com]
Sent: Wednesday, May 18, 2011 11:26 AM
To: McGovern, James; owasp-mobile-security-project at lists.owasp.org
Subject: RE: [Owasp-mobile-security-project] Movement

With regards to #3c, there are several static analysis tools available that can analyze the VB code, since it's .NET and decompiles back down to MSIL.

> From: james.mcgovern at hp.com<mailto:james.mcgovern at hp.com>
> To: owasp-mobile-security-project at lists.owasp.org<mailto:owasp-mobile-security-project at lists.owasp.org>
> Date: Wed, 18 May 2011 13:06:08 +0000
> Subject: Re: [Owasp-mobile-security-project] Movement
>
> A few questions/thoughts:
>
> 1. Was thinking that the use cases for mobile vary somewhat between consumer and enterprise. Consumers rely on the vetting process of the respective stores such as Apple's iphone store, etc while enterprises such as insurance carriers may develop an application solely for their own usage. Minimally in these scenarios, considerations around deployment will change. In order to make deployment easier, would it make sense to provide guidance on breaking cell phone security or at least figuring out how to load an application on a phone without either loading onto the store or having a developer connect locally?
>
> 2. I have looked at the Microsoft WM7 and am curious if we have thoughts around (a) a phone supporting sockets (b) lack of robust crypto apis (c) lack of robust tools to do static analysis on code written in VB
>
> 3. How do we want to capture the nuances between different OS? Eg. Apple vs Android vs WebOS vs WM7, etc
>
> 4. Have we missed an opportunity for OWASP at large to bring in corporate members such as Nokia, Samsung, LG, etc by leveraging this project?
> _______________________________________________
> Owasp-mobile-security-project mailing list
> Owasp-mobile-security-project at lists.owasp.org<mailto:Owasp-mobile-security-project at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mobile-security-project/attachments/20110518/ef674a84/attachment-0001.html