This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, May 12 • 12:25 - 13:10
Fixing Mobile AppSec: The OWASP Mobile Project

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration.

The OWASP Mobile Application Verification Standard (MASVS) is an attempt to standardize mobile app security requirements using different verification levels. Complementary to the MASVS, we are developing a Mobile Security Testing Guide (MSTG) that provides detailed test cases for each requirement. 

In this talk, we introduce both the MASVS and MSTG, and discuss the many challenges we faced during development, from dealing with the diversity and fragmentation of the Android ecosystem to clarifying the role of software protections in mobile security.

avatar for Bernhard Mueller

Bernhard Mueller

Bernhard is a cyber security specialist with a talent in hacking all kinds of systems. During more than a decade in the industry he has published many bugs and papers in a variety of fields including Internet protocols, web apps, mobile operating systems, WAFs and others. If you... Read More →
avatar for Sven Schleier

Sven Schleier

Sven is a mobile security thought leader with over seven years of hands-on experience in application penetration testing, network penetration testing and source code review. In his role as an application security architect at Vantage Point Security, he has supported and guided ma... Read More →

Friday May 12, 2017 12:25 - 13:10
Waterfront Center: Hall 1B

Attendees (29)