Conference archive


Tuesday, April 19, 2016 - 8:30am to 12:00pm

Security Testing Mobile Applications

The sensitive nature of personal information stored on smart devices makes security testing vital when building mobile applications. Cliff Berg explores the unique characteristics of mobile devices—how they store data, the fluid trust boundaries between applications, and the unique aspects of device security models. Learn about the many different threat types and use cases that make security testing mobile applications so challenging. Cliff offers hints and tips for comprehensive security testing of mobile applications during the development process, sharing when and where in that process to perform each type of testing. Tips include how to test for data privacy, secure session management, and the presence of malicious applications. Take back approaches for finding traditional application security vulnerabilities that may be present in mobile applications. Leave with an understanding of what it takes to security test your mobile applications and practical knowledge to make your mobile apps more secure.

Bryan Batty

Bryan Batty brings more than ten years of software engineering experience to Coveros. His development experience includes .NET, Java, and Ruby. He has been increasingly involved in application security, including coaching development teams on secure coding, pushing security practices farther left in the development lifecycle, and automating security where practical. Over the past year, Bryan has gained expertise in a DevOps engineering role where he develops and maintains automation scripts to dynamically test code, spin up and provision servers, create auto-scaling groups and load balancers, and, deploy applications to their staged environments. As an experienced IT consultant, Bryan has brought technical solutions to a variety clients in both the federal space and commercial space. He enjoys learning the business models within various industries, as well as solving the unique technical challenges discovered within. When he is not working on projects, Bryan helps organize the Washington, DC chapter of OWASP, where he helps bring together DC-area IT professionals monthly to discuss application security. In 2016, he finds himself on the planning committee for OWASP’s flagship conference, AppSec USA, to be held in Washington, DC in October 2016.