I just got back from Dublin, Ireland where I attended OWASP AppSecEU 2011. I gave a training class on building secure mobile applications and testing the security of mobile applications and also did a presentation on different techniques for security testing mobile applications.
The slides from the presentation are online here:
During the presentation we looked at different techniques for security testing mobile applications:
- Static (both source code and binary)
Mobile security testing is different than web application security testing. Techniques like automated dynamic testing that can produce some quick and useful results for web applications do not necessarily provide the same immediate value for mobile apps. The presentation talks through some different approaches and where they can provide the most value. And for a bonus – all the photos in the presentation slide deck came from the Guinness Brewery Tour!
dan _at_ denimgroup.com