OWASP AppSec DC 2012/Threat Profiling the Mobile Application Ecosystem

The Presentation
The flood gates of the mobile age have swung wide open, and whether your organization is prepared or not - mobile applications utilizing cloud resources are the future. As organizations race to release Çmobile versions of applications that do everything from home automation to managing your medications and health history, software security assurance is paramount from both regulatory and risk management perspectives. This requires an entirely different approach than simply running scans or handing off your source code to be Çaudited. Analyzing the source code, the mobile application, remote application interfaces and the communication protocols between them are critical to understanding the complete threat profile of the mobile application. Simply looking at one of these components can provide a dangerously misleading representation and lead to increased risk exposure. The speaker will discuss the full threat profile of mobile applications, including their real attack surface and provide thoughts on the future of mobile applications as enterprises migrate further into cloud computing.

The Speakers
Rafal Los