Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, January 26 • 2:00pm - 2:50pm
Integrating Mobile Devices into Your Penetration Testing Program

Sign up or log in to save this to your schedule and see who's attending!

Though still an imperfect science in many ways, penetration testing is often our only way of assessing the effectiveness of our security programs against actual attackers. As mobile devices enter the enterprise en masse, much focus has been on securing them and limiting the risk of BYOD using EMM, MDM, MIM, pick your favorite security control acronym. While many shops are engaging in code review, static analysis, pentesting, etc. against custom mobile applications built in house, even enterprises with mature security programs are often ignoring mobile devices and the surrounding infrastructure in their security testing. It seems like common sense to provide adequate security testing for all devices on corporate networks, particularly when spending large chunks of budget on security controls around BYOD. If we have a DoS protection, we put it in front of staging and hit it with DoS attacks. If it falls down, the control is not providing return on investment. If we have a patch management practice we make sure there are no missing patches leading to compromise during our penetration tests, and if there are, we augment our security program accordingly. We need to be doing the same around mobile. How secure are these devices really against attack? If they are compromised what data on the device is in jeopardy? What other assets in the enterprise are now at risk of attack from the compromised mobile device? By using traditional penetration testing techniques augmented for the unique attack vectors for mobile devices we can assess these risks and get a clear picture of the risk of BYOD in the environment. In this talk we will discuss techniques along with live demonstration scenarios of penetration tests on mobile devices and the surrounding infrastructure. From mobile phishing to undermining security controls to using compromised mobile devices as pivot points, the mobile risk is real and we need to be simulating it in our security testing. We will discuss how these techniques can augment and extend penetration testing and how they can be seamlessly integrated into your existing security program.  

Speakers
avatar for Georgia Weidman

Georgia Weidman

Founder and CEO, Bulb Security and Shevirah Inc.
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has provided training at conferences such as Blackhat USA, Brucon, and Security Zone to excellent reviews. Georgia founded Bulb Security LLC, a security consulting... Read More →



Attendees (10)