29 April 2012

Security B-Sides London and Mobile Phone Apps

On Wednesday (25th April 2012) I attended Security B-Sides London, held at the rambling and inelegant Barbican Centre in central London (EC1); the event overlapped with the schedule for Infosec Europe, way out on the west side of London.

Photograph of David Rook speaking at Security B-Sides London

I must say the two cinemas used for the day's presentations were most suitable, with good visibility, clear sound systems and comfortable seating. The organisers should be thanked for planning and executing such a great day. Every session I went to was of a high quality, and in each I learned new things. I listened to Stephen Bonner talking about elegant security, Ian Maxted about social engineering, Thom Langford about site-based risk assessments, Brian Honan on getting the security message across to senior management, Abraham Aranguren on exploratory web application testing and Sandro Gauci on escalating privileges in web applications.

However, I'd like to focus on two mobile phone app related sessions by David Rook (aka Security Ninja). David is well known for his generous contributions to the application security community, especially his efforts to promote secure development principles, the Agnitio code review tool and the Windows Phone App Analyser.

His presentation, Windows Phone 7 Platform and Application Security Overview, was the only talk at which I actually took extensive notes during the day. Following an introduction to Windows Phone 7's place in the market and to development using Visual Studio and the .NET Compact Framework, he discussed platform and application security in detail. Wonderful. It will save me days of research. I think he mentioned on Twitter that the slides will be made available online shortly.

Mid-afternoon I attended his workshop on using his self-built software tool Agnitio, which helps arrange, track and monitor code review processes within development teams. The focus of the workshop was to walk through version 2.1, and especially the built-in code searching and examination functions. These can be used to help identify higher-risk functionality, or code which has to meet development guidelines, using a powerful, extensible list of patterns cross-referenced to the code review checklist items. The tool has improved greatly since I last reviewed it in 2010, and I am looking forward to using it to develop custom checks for some of my clients. I was very impressed with its ability to decompile Android code and then run a standard set of tests against it.

Both Agnitio and Windows Phone App Analyser are free to download and use.

David Rook had won SC Magazine's Rising Star Award the previous evening. It was much deserved, and I must say it reflects very well on Realex Payments, who appear to be supportive of his activities to improve application security, and clearly not just within their own company, but for their customers, competitors and the wider market. I am sure many other companies would not be so enlightened.

Posted on: 29 April 2012 at 20:52 hrs


Comments


There is another write-up of David Rook's Windows 7 Mobile talk on The Register at http://www.theregister.co.uk/2012/04/30/window_mob...

Added by Clerkendweller, posted on 01 May 2012 at 07:12 hrs
