I want to pass on information regarding an upcoming mobile application security training on November 2-4, 2011 in San Jose, California. The course will be delivered by Gunnar Peterson and Ken van Wyk. I’ve known Gunnar for many years; he’s a stand-up guy and an internationally recognized software security expert. Ken is an information security expert and is also recognized internationally for his expertise. Both are widely published authors in software and information security.
The course is a 3-day format, with different options for different interests. The first day is intended to provide a good overview of the security problems associated with mobile devices. Topics covered:
• A cross-platform look at common weaknesses and how to attack them
• Primer on identity management and cloud computing for mobile applications
• Using threat modeling to find (and remove) architectural weaknesses
• How to best perform code reviews
For days two and three, the group breaks into two separate classes: one on iOS and one on Android, where platform-specific issues are discussed, along with remediations, and how to implement them. Topics covered:
• Common platform weaknesses (using OWASP’s iGoat and GoatDroid tools)
• Analyzing an off-the-shelf app (and learning from its problems)
• Platform and application architecture
• Coding lab on building application security controls into your application
• Setting up a test rig and testing the security of mobile applications
Day three is optional and a repeat of day two, so developers can use this as an immersion course into both iOS and Android platform specifics.
Check out the course specifics here: Mobile App Sec Triathlon. Tell them John sent you.