Category · Mobile Security

Top 5 Security Risks to ask your outsourced Mobile Devs

posted on Apr 17, 2013 by Oliver Ng

As the need to develop for multiple mobile platforms increases, so does the need to outsource mobile development. There are software security concerns from mobile hacking that you should be aware of as you build your list of security requirements for your app. For some of you, security may not be the top concern but…

Mobile Application For Your Hacking Pleasures

posted on Apr 3, 2013 by sahba

A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common Mobile Security vulnerabilities in the iOS and Android platforms. ExploitMe Mobile is a training platform built based on the common Mobile Security and Application Security pitfalls. The objectives of the ExploitMe Mobile training platform are: Capture the common security…

Your Guide to the HP Cyber Risk Report

posted on Mar 28, 2013 by Geoffrey Vaughan

This year at the RSA Conference HP officially released its annual Cyber Risk Report. This report is one among many industry reports that individuals and companies who are concerned about security should pay attention to. By paying attention to these trends your company will be better able to secure your IT assets and more effectively allocate IT…

SC with major contributions to HP Cyber Risk Report 2012

posted on Mar 18, 2013 by Oliver Ng

We work on security assessments daily and see common trends on every engagement. Recognizing these changes helps us keep on the edge of the security assessments and provides us the insight to give back to the community including our research in Mobile tools (ExploitMe Mobile) and NFC. I’m extremely pleased to say that this year,…

Exploiting and Defending Mobile Training @CanSecWest

posted on Feb 4, 2013 by saurabh

Salut à tous, We are pleased to announce that we will be presenting our “Exploiting and Defending Mobile” training course @CanSecWest. Our “Exploiting and Defending Mobile” training will provide you with two days of insight into the world of mobile hacking. The course is designed to keep a balance between theoretical knowledge & practical experience….

Assessment Controls in HITRUST CSF

posted on Jan 25, 2013 by Nima Dezhkam

By Nish Bhalla and Nima Dezhkam. There are many frameworks that industry has and regulations have tried to put together to help organizations follow and succeed in securing their environment. Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the…

Mobile Security Presentation from Cloud Seminar Day

posted on Feb 17, 2012 by seccom

Today, Yuk Fai Chan and I presented “Bust a Cap in a Mobile App” at the CTE Solutions Cloud Seminar Day. The abstract of the talk was: Enterprises realize the efficiency in which employees operate by using mobile apps and allowing employees to bring their own smartphones to the workplace, a merging of enterprise and…

Wireless Gateway & Transparent Proxy for Mobile Security Assessments

posted on Dec 21, 2011 by seccom

Introduction: In a typical run-time web application security assessment, we often use an HTTP proxy to intercept and manipulate client-server traffic. For web applications, configuring browser settings to get proxying started is pretty straightforward. However, for mobile applications, mobile platforms/operating systems (e.g. Android, BlackBerry) do not necessarily support proxying application traffic natively. This guide will…

New Mobile Security Course and ExploitMe Mobile

posted on Oct 15, 2011 by Oliver Ng

At Security Compass, we have been working hard to expand our training offerings. We’re most excited about our new Mobile Hacking and Security course. If your organization is working with mobile applications this course is a fantastic primer on how mobile apps can be hacked, and how your teams can defend against these software defects. We’ll…