Common Security Pitfalls for Mobile Apps in the Enterprise

Location:

Grand Ballroom B/C

Track:

Time:

Tuesday, 4:05pm - 4:55pm

Abstract:

In this talk, we'll deep dive common pitfalls app developers make, showing the top 5 app developers' mistakes we've encountered from a variety of apps, including some of the most popular ones. We will examine the mistakes in technical detail, highlighting risks from both the consumer and developer perspective, by looking at the code that creates the behavior, and the actual observed behavior from dynamic analysis.

These mistakes often lead to risky app behaviors, and with corporate environments becoming increasingly aware of the apps their employees bring inside their work place, lead to the creation of policies that blacklist apps that contain risky behaviors. Apps of all kinds, even unrelated to the work environment, can have a negative effect on the user if they misbehave. We'll close the discussion on how to avoid these common mistakes for app developers and how to be more aware of apps in your corporate environment and how they behave.

Kevin Watkins

Kevin Watkins is the CTO and part of the founding team at Appthority, The Authority in App Security™. Prior to founding Appthority, Kevin Watkins served as the Research Architect at McAfee Labs. His research focus has been on automation of content to regulatory frameworks, VoIP content compliance (to which he works with working groups to define VoIP security standards), and designing research tools for mobile malware. At McAfee he was considered the mobile expert and is often called upon for analysis, media interviews, and to speak at industry conferences.

Steve Hanna

Steve Hanna is the lead research scientist of Appthority. He received his Ph.D. and Master's Degree in Computer Science from University of California Berkeley and his Bachelor of Science in Computer Engineering from the University of Illinois at Urbana Champaign. His research expertise lies in computer security through the lens of program analysis, systems building, and the evaluation of emerging technologies for security vulnerabilities and defences.