Smart Phones Dumb Apps: Slides and Code Online


I just got back from two weeks traveling to Los Angeles (Irvine) and Dublin, Ireland for OWASP conferences where I gave my talk “Smart Phones Dumb Apps”. The talk looks at a generic threat model for a smartphone application and then walks through how attackers can take the applications apart, with examples for both Android and iPhone.

Here is the video of my session at OWASP AppSec Irvine 2010:

Dan Cornell, Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications from AppSec USA 2010 on Vimeo.

The slides are available here:

The code used to automate parts of the analysis can be found in the Google Code repository here:

Google Code Repository for Smart Phones Dumb Apps

Also, Colin Watson did a quick writeup on the presentation in Ireland.

This is an ongoing area of research for us, so please keep an eye on the blog and Google Code, and come see upcoming presentations at Austin LASCON 2010 and OWASP DC 2010.

Contact us for help developing and deploying secure smartphone applications.


dan _at_



About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.
