[Owasp-kansascity] Announcement: OWASP Kansas City chapter meeting - Mobile Device Software Security and Testing Thurs.August 26 - 7PM

Mat Caughron caughron at gmail.com
Wed Aug 25 10:01:11 EDT 2010


We are pleased to announce the first of our Fall 2010 chapter meetings.


Location:   Johnson County Community College (JCCC), Room 175 in the Regnier Center.
   (room number subject to change, follow this mailing list for any last-minute notifications)

Agenda:    7:00PM-8:15PM Mobile Device Software Security and Testing

Speaker:  Steve Jensen, BT Global Services

Stephen Jensen has been performing web application security assessments for
over 7 years. With a background as a software developer, it was his
experiences within the software industry that led him to shift his focus
more towards the security aspect of software. Stephen is an advocate of the
SDLC (Security Development Lifecycle) development process, which attempts to
include security as a primary objective within the requirements phase of the
software development lifecycle, as well as throughout the entire development
process.

Topic: Mobile Device Software Security and Testing Presentation

Introduction:
	- Why we care about these devices?
	- How enterprises are using these devices.
	- Personal data stored on these devices.
	- What we can do depends on the functionality implemented on the device
	- More and more apps are found to be malicious in some way.

	iPhone:
		- What does "jailbreaking" actually do?
		- Installing SSH through Cydia.
		- Using WinSCP to view the underlying filesystem.
		- Files on the file system (sqlite databases, etc.)
		- Proxying WiFi traffic for request/response analysis & manipulation.
		- Proxying 3G traffic through a VPN connection running on a linux VM (currently researching and setting up).
		- Where are applications located on the device?
		- Extracting the applications off the phone for further analysis.
		- How to get at the application via iTunes if the iPhone is not jailbroken.
		
	
	Android:
		- Rooting the device (not a hands on demonstration as this is version dependent).
		- Setting up SSH on the device.
		- Using WinSCP to view the underlying filesystem.
		- Proxying 3G traffic through a VPN connection running on a linux VM (currently researching and setting up).
		- Where are the applications located on the device?
		- Extracting the applications off of the phone.
		- Unpackaging the applications.
		- Decompiling the applications to gain a better understanding of what they are doing.


8:15 - 9:00 open discussion and networking

Calendar invitation to be sent in a separate email.




Mat Caughron CISSP CSSLP
Kansas City OWASP volunteer leader
caughron at gmail.com
(816) 866-0628