Aditya Gupta - Mobile App Security, Common pitfalls in mobile apps

Mdevcon 2016: Aditya Gupta – Mobile App Security, Common pitfalls in mobile apps

February 17th, 2017

This talk was presented at Mdevcon 2016.

Mobile application security is an ever-growing problem. This talk will focus on common developer mistakes in the security of mobile applications, and how they lead to the application being vulnerable and its data being compromised. The talk covers various aspects of security for the Android and iOS platforms from a developer's perspective.

This talk draws on a number of experiences from the presenter’s work, both as a developer and as a security consultant, along with the resulting findings and case studies. As a developer, getting the app out to users is the first priority, and as a result security is often an afterthought. This talk discusses how, as a developer, you can integrate security into your development process without the use of commercial or expensive tools.

The talk will also comprise a number of demos and practical case studies, which will give attendees good insight into the kinds of vulnerabilities found in mobile applications.

Aditya Gupta (@adi1391) is the Founder and CEO of Attify, a mobile security firm, and a leading mobile security expert and evangelist. Apart from being the lead developer and co-creator of the Android Framework for Exploitation, he has done a lot of in-depth research on the security of mobile and hardware devices, including Android, iOS, and Blackberry, as well as BYOD enterprise security.

He is also the author of the popular Android security book “Learning Pentesting for Android”, which has sold over 5000 copies since its launch in March 2014. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype, and many more. He has also published a research paper on ARM exploitation titled “A Short Guide on ARM Exploitation.”

In his previous work at Rediff.com, his main responsibilities were to look after web application security and lead security automation. He also developed several internal security tools for the organization to handle security issues.

He has also previously spoken and trained at numerous international security conferences, including Black Hat, Syscan, OWASP AppSec, Toorcon, Clubhack, and Nullcon, along with many corporate trainings on mobile security.