AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, June 25

13:50 BST

OWASP Mobile Top Ten 2014 – The New “Lack of Binary Protection” Category
Recently, there has been a new addition to the OWASP Mobile Top Ten; a lack of binary protections. At AppSec California, OWASP debuted it and briefly highlighted examples of the threats to mobile devices in this category. In this talk I will discuss the new category in much more depth, exploring reasons why this risk category has now been included in OWASP’s Top Ten Mobile Security Risks.

In 2013, consumers downloaded more than 83 billion applications from app stores worldwide, with revenues totalling $25 billion. According to Portio research, this is expected to grow to over 200 billion downloads per year by 2017. It is clear that the App Economy is not only thriving, but is driving new app-centric products and services across multiple industries and with the continued adoption of mobile computing, the threats to mobile and applications is continuing to grow.

Based on research conducted by Arxan, we found that over half of the top 100 iOS apps had been hacked or tampered with and made available for download on third party app stores. This included 53 percent of Android, and 23 percent of mobile banking and payment applications.

The talk will specifically highlight the risks that a lack of binary protections poses to mobile applications on both iOS and Android platforms. The speaker will discuss how to leverage specific OWASP projects to solve these issues and secure apps from tampering. By the end of the talk, attendees will have a solid understanding of the risks associated with lack of binary protections and how to begin thinking about incorporating app risk mitigation solutions to protect their applications. Risk mitigation approaches discussed will include how to incorporate processes that harden an app against binary-level integrity and reverse-engineering attacks launched at rest and run-time. 

avatar for Jonathan Carter

Jonathan Carter

Application Security Strategist, Lending Club
Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, United States, Australia, and England.  As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other... Read More →

Wednesday June 25, 2014 13:50 - 14:40 BST
Filter sessions
Apply filters to sessions.