Secure Mobile Application Development: a Non-Traditional Approach

Abstract: Traditional mobile application development processes stress convenience over security, usually because implementing security is considered time-consuming. Unfortunately, this also makes mobile applications a good target for hackers. This session will show the extent of the threats posed by hackers that stem from mobile application vulnerabilities, and will discuss how to prepare the first line of defence: training developers to identify potential vulnerabilities and to have a plan for dealing with them.

The session will start by describing the major challenges and business risks involved in mobile app development. It will move on to the various ways in which clients' mobile applications may be attacked and how their devices may be compromised. The presentation will stress the "development risk" that arises from the unique nature of mobile usage, and the ramifications of not controlling this risk. It will then focus on the dos and don'ts of secure design and development of mobile apps. It will briefly touch on the key areas to consider during mobile app development and cover how it differs from traditional application development.

The session will cover the reactive and proactive ways of handling mobile application development and the importance of following a well-defined secure development lifecycle approach for mobile devices. It will conclude with ideas on how to mitigate significant threats such as insecure data storage on mobile devices and mobile application servers, mobile device operating system and platform issues, communication channel issues (SMS, IP connections, USSD channels), and device loss/theft scenarios.

Benefits:

    • The session will cover the reactive and proactive ways of handling mobile application development and the importance of following a well-defined secure development lifecycle approach for mobile devices.
    • Detailed demonstrations of major threats will give hands-on exposure to mobile applications on the major mobile platforms: Android, iOS, J2ME, BlackBerry
    • Coverage of the latest threats, attack vectors, and test cases
    • Detailed best practices will be a good takeaway for the audience
    • It will conclude with ideas on how to mitigate significant threats; detailed test approaches and case studies will help the audience gain new skills.

Speaker's Profile


Suhas Desai,
Practice Lead: Mobile Security Services,
Aujas


Suhas leads mobile security services at Aujas, with extensive experience in mobile payments, enterprise, and B2C mobile app security. He is a frequent speaker at prominent industry and customer forums. Suhas has been on the technical advisory committees for many prestigious international conferences, including RSA 2013, Singapore, and STeP-IN 2013, Bangalore.

He has delivered noted sessions at OSSPAC'09, Singapore; INTEROP 2009 & 2012, Mumbai; 'MOSC 2010', KL; 'Mobile VAS in Growth Markets summit', 2010, Dubai; '4th Mobile Commerce Summit ASIA', 2011, KL; and 'CommunicAsia 2012', Singapore. He also contributes features to Linux for You and Linux Journal magazines.