Black Hat USA
August 2-7, 2014
Mandalay Bay, Las Vegas, NV
Black Hat Europe
October 14-17, 2014
Amsterdam Rai, The Netherlands
5/13/2014
01:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
Connect Directly
RSS
E-Mail
50%
50%

Black Hat USA 2014: Mobile PenTesting

The computers we carry in our pockets are as powerful as desktop PCs of only a few years ago, and we trust them with more and more critical information. But mobile devices have a plethora of their own security issues that threaten to disrupt this pocket-based computing utopia, which is where mobile penetration testing comes in.

AppSec Labs will be offering two different courses, covering the two major mobile operating systems. Over two days, both Android Application Hacking - PenTesting Mobile Apps and iOS Application Hacking - PenTesting Mobile Apps will get you up to speed on penetration testing of apps for each platform in question. Both cover broad topics like traffic analysis and manipulation, insecure data storage, hacking application packages, and analyzing runtime analysis -- but the hows, if not the whys, will vary based on your OS of interest. (If you just can't choose, the Android course is running twice, so you could take both!)

The OWASP Mobile Security Project aims to help developers create secure mobile applications, with a focus on, not just end-user apps, but the server-side infrastructure apps communicate with, as well as cloud platform-specific features. Now the project's leads are spinning their mobile security expertise into a two-day pentesting Training called Advanced Mobile Penetration Testing with OWASP MobiSec. If you're down for some intense, lab-driven learning about techniques, tools, and methodologies for testing iOS, Android, and web-based applications, then there’s a seat for you in this training.

Ready to register? Early-bird rates are available until June 2. Please visit Black Hat USA 2014's registration page to get started.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.