August Meeting- OWASP iMAS: iOS Application Defense

Our meeting will be held on August 15, 2013 at LivingSocial's Reston location. Food and drinks will be provided as always.

This month, our presenter is traveling from Boston to present work performed on the iMAS framework that his team has provided for the OWASP Mobile Security Project.

Fire talks are always welcome, as well. If you have something you want to share with the group (tool, technique, current events, etc.) bring it with you and don't worry about slides.

Abstract: iMAS- iOS Application Defense

iOS application security can be much stronger and easy for developers to find, understand and use. iMAS (iOS Mobile Application Security) - is a secure, open source iOS application framework research project focused on reducing iOS application vulnerabilities and information loss. Today, iOS meets the enterprise security needs of customers, however many security experts cite critical vulnerabilities and have demonstrated exploits, which in turn pushes enterprises to augment iOS deployments with commercial or custom solutions. The iMAS intent is to protect iOS applications and data beyond the Apple provided security model and reduce the adversary’s ability and efficiency to perform recon, exploitation, control and execution on iOS mobile applications. iMAS has released five security controls (researching many more) for developers to download and use within iOS applications. This talk will walk through various iOS application vulnerabilities, iMAS security controls, OWASP Mobile top 10 and CWE vulnerabilities addressed.

https://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_Project

Bio:
Gregg Ganley is a mobile security researcher at the MITRE corp and is currently the Principal Investigator on the iOS Mobile App Security (iMAS) research project. Gregg has been working in the mobile field for the past 6 years which has included iOS security, forensics, and app development, Java Android mobile application security development and forensic expertise. Gregg also develops Ruby/Rails web applications and prototypes for various government agencies.