Black Hat USA
August 2-7, 2014
Mandalay Bay, Las Vegas, NV
Black Hat Europe
October 14-17, 2014
Amsterdam Rai, The Netherlands
5/13/2014
01:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
Connect Directly
RSS
E-Mail
50%
50%

Black Hat USA 2014: Mobile PenTesting

The computers we carry in our pockets are as powerful as desktop PCs of only a few years ago, and we trust them with more and more critical information. But mobile devices have a plethora of their own security issues that threaten to disrupt this pocket-based computing utopia, which is where mobile penetration testing comes in.

AppSec Labs will be offering two different courses, covering the two major mobile operating systems. Over two days, both Android Application Hacking - PenTesting Mobile Apps and iOS Application Hacking - PenTesting Mobile Apps will get you up to speed on penetration testing of apps for each platform in question. Both cover broad topics like traffic analysis and manipulation, insecure data storage, hacking application packages, and analyzing runtime analysis -- but the hows, if not the whys, will vary based on your OS of interest. (If you just can't choose, the Android course is running twice, so you could take both!)

The OWASP Mobile Security Project aims to help developers create secure mobile applications, with a focus on, not just end-user apps, but the server-side infrastructure apps communicate with, as well as cloud platform-specific features. Now the project's leads are spinning their mobile security expertise into a two-day pentesting Training called Advanced Mobile Penetration Testing with OWASP MobiSec. If you're down for some intense, lab-driven learning about techniques, tools, and methodologies for testing iOS, Android, and web-based applications, then there’s a seat for you in this training.

Ready to register? Early-bird rates are available until June 2. Please visit Black Hat USA 2014's registration page to get started.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio