Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Thursday, August 22 • 4:45pm - 5:30pm
Security Testing Guidelines for mobile Apps

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Smartphones and Tablets increasingly become part of our everyday life. Apps of all kinds assist us with work and personal activities. Beside the additional benefits of these Apps, the extended use of mobile devices is currently also one of the biggest threats for sensitive business data and user privacy. Due to their mobility smartphones and tablets are exposed to additional risks: they are connected to public and insecure networks, they are easily lost or stolen and location services can be misused to track users. In addition to that IT managers and developers usually do not care too much about security for mobile devices yet and focus on trendy solutions and usability. But this carefreeness is risky because attackers are aware of the lack of security measures for many mobile Apps, too. 
As for most software security and privacy should be considered during all stages of mobile app development. In particular it should be verified and approved before the release or installation. But an adopted approach for the specific requirements of testing the security of mobile Apps was not available a short time ago. This led to the decision to develop such a method and resulted in a “Mobile Security Testing Guide”. This guide incorporates existing models for penetration testing and extends and adopts them to meet the requirements for security evaluation of mobile Apps. It includes platform-independent standard procedures and offers flexible options to adapt it to the needs of the penetration tester or customer. 
This presentation will give an overview of the “Mobile Security Testing Guide”, outline differences and similarities to a conventional penetration test and shows with examples how to apply it in practice. 

avatar for Florian Stahl

Florian Stahl

Lead Consultant Information Security, msg systems ag
Florian Stahl is a German security and privacy consultant and evangelist. He is Master in information systems and computer science and has CISSP and CIPT certifications. Currently Florian is Lead Consultant at msg systems in Munich. He is regular speaker at conferences, writes... Read More →
avatar for Johannes Stroeher

Johannes Stroeher

msg systems ag

Thursday August 22, 2013 4:45pm - 5:30pm CEST
Großer Saal