5 points someone should not do in app development
Submitted by Anant Shrivastava (@anantshri) on Tuesday, 8 September 2015
Section: Enterprise - Full talk (45 minutes)
Technical level: Intermediate
I have been performing security testing on Android applications since 2010. If we look at the aggregated results, we see a common pattern. This talk will focus on that pattern and provide an understanding of common Android security issues stemming from insecure coding practices. The talk will focus on the top 5 of these practices.
This talk is a consolidation of my own experience over 5-6 years of analysing Android applications from a security standpoint. I have been performing Android security testing both as part of my daily job and as part of my part-time projects such as CodeVigilant and Android Tamer. I have also been training people on Android security for many years. By virtue of the above two, I get to see weird and worrisome codebases. We have been identifying patterns stemming from insecure coding practices, and this talk will focus on giving people an insight into those issues and the various ways in which they could be mitigated.
(will add more details later)
Basic understanding of the Android application development process.
You should bring a laptop configured with Android Studio if you wish to experiment in parallel with the material being demonstrated on stage.
Anant Shrivastava is an information security professional with 7+ years of corporate experience and expertise in mobile, application and Linux security. He has trained ~300 delegates and spoken at various conferences (BlackHat USA-2015, Nullcon-2015, c0c0n-2014, RootConf-2014, g0s-2013, c0c0n-2013, Nullcon-2012, c0c0n-2012, clubhack-2011, c0c0n-2011). He holds industry-recognized certifications such as SANS GWAPT (GIAC Certified Web Application Penetration Tester) and RHCE (Red Hat Certified Engineer). He is a co-author of the OWASP Testing Guide version 4. He is credited with multiple responsible public disclosures (refer to www.osvdb.org/creditees/10234-anant-shrivastava). He also maintains an Android security distribution called Android Tamer (www.androidtamer.com) and runs a responsible disclosure program for open source software under the name CodeVigilant (www.codevigilant.com).