by Anant Shrivastava (@anantshri) on Tuesday, 8 September 2015

Status: Submitted
Section
Enterprise - Full talk (45 minutes)

Technical level
Intermediate

Objective

I have been performing security testing on Android applications since 2010. If we look at the aggregated results, we see a common pattern. This talk will focus on that pattern and provide an understanding of common Android security issues stemming from insecure coding practices. The talk will focus on the top 5 of these practices.

Description

This talk is a consolidation of my own experience over a range of 5-6 years of Android application analysis from a security standpoint. I have been performing Android security testing both as part of my daily job and as part of my part-time projects like CodeVigilant and Android Tamer. I have also been training people on Android security for many years. By virtue of the above two, I get to see weird and worrisome codebases. We have been identifying patterns stemming from insecure coding practices, and this talk will focus on giving people an insight into those issues and the various ways in which these issues could be mitigated.

(will add more details later)

Requirements

Basic understanding of the Android application development process.
You should bring a laptop configured with Android Studio if you wish to experiment in parallel with the material being demonstrated on stage.

Speaker bio

Anant Shrivastava is an information security professional with 7+ years of corporate experience and expertise in mobile, application and Linux security. He has trained (~300 delegates) and spoken at various conferences (BlackHat USA-2015, Nullcon-2015, c0c0n-2014, RootConf-2014, g0s-2013, c0c0n-2013, Nullcon-2012, c0c0n-2012, clubhack-2011, c0c0n-2011). He holds various industry-recognized certifications such as SANS GWAPT (GIAC Certified Web Application Testing) and RHCE (Red Hat Certified Engineer). He is a co-author of the OWASP Testing Guide version 4. He is credited with multiple responsible public disclosures (refer www.osvdb.org/creditees/10234-anant-shrivastava). He also maintains an Android security distribution called Android Tamer (www.androidtamer.com) and runs a responsible disclosure program for open source software under the name CodeVigilant (www.codevigilant.com).