Mobile apps security. Beyond XSS, CSRF and SQLi
About This Session
This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices. Usually developers take into account the well-known vulnerabilities such as SQLi, XSS, CSRF, etc. forgetting about those impacting specifically the mobile platform. We will make an emphasis on all those other issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.Time: 1:45 PM Saturday Room: 5502
The Speaker(s)
Martin Vigo
Product Security Engineer , Salesforce.com
Martin Vigo is a Product Security Engineer with a special interest in Web and Mobile Security. He also has extensive background as a Software Engineer with over 5 years of work experience. Martin does penetration testing for a living but also likes to hunt for security issues in his spare time. He enjoys the challenge of finding vulnerabilities in mobile apps he uses on a daily basis and has been acknowledged by several companies for doing a responsible disclosure of his findings.
Sergey Gorbaty
unassigned , Salesforce
Sergey is a Sr. Product Security Engineer at salesforce.com focusing on mobile, authentication and web security. His background also includes working as a Software QA Engineer for over 4 years. At salesforce.com Sergey collaborates with other engineers on secure design and architecture of applications, services, API and mobile frameworks. Tennis and doing security research are Sergey's favorite past times.