Smart Phones Dumb Apps: Slides and Code Online


I just got back from two weeks traveling to Los Angeles (Irvine) and Dublin, Ireland for OWASP conferences where I gave my talk “Smart Phones Dumb Apps”. The talk looks at a generic threat model for a smartphone application and then walks through how attackers can take the applications apart, with examples for both Android and iPhone.

Here is the video of my session at OWASP AppSec Irvine 2010:

Dan Cornell, Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications from AppSec USA 2010 on Vimeo.

The slides are available here:

The code used to automate parts of the analysis can be found in the Google Code repository here:

Google Code Repository for Smart Phones Dumb Apps

Also, Colin Watson did a quick writeup on the presentation in Ireland.

This is an ongoing area of research for us, so please keep an eye on the blog and Google Code, and come see upcoming presentations at Austin LASCON 2010 and OWASP DC 2010.

Contact us for help developing and deploying secure smartphone applications.


dan _at_



About Dan Cornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has spoken at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.
