Apple's App Store continues to grow in popularity, and iOS devices continue to be perceived as highly secure by both users and experts. However, applications on the App Store often have security or privacy flaws that are not apparent, even to sophisticated users. Security experts can find these flaws via manual tests, but the sheer size of the App Store ensures that only a small minority of apps could ever be manually tested.
This presentation will demonstrate a new tool and methodology to perform automated or semi-automated assessment of iOS applications and assist with manual testing. In addition, our findings about the prevalence of different types of security issues in iOS applications will be discussed, giving a window into the risks of trusting your data to products on the App Store.
Justin Engler is a Senior Security Consultant for FishNet Security's Application Security practice. His focus is on the security of web applications, mobile devices, web-backed thick clients, databases, and industrial control systems. Justin has previously spoken at Black Hat USA and DEF CON.
Seth Law is a Principal Consultant for FishNet Security in Application Security. He spends the majority of his time breaking web and mobile applications, but has been known to code when the need arises. Seth is currently involved in multiple open source projects (including RAFT) and is working with others to advance the state of mobile security testing tools. He has spoken previously at Black Hat, DEF CON, and other security conferences.
Joshua Dubik is a Security Consultant for FishNet Security's Application Security practice. His focus is on the security of web, mobile and desktop applications. Previously, Joshua worked as a developer for several organizations including the United States Coast Guard. Joshua is currently working on the iOS Application Assessment Tool.
Over 10 years of IT experience. 5 years of experience in AppSec and Mobile Security. Currently on the Mobility team at FishNet Security working with MDM and Mobile Security. CISSP.