Eric Johnson

Senior Security Consultant @ Cypress Data Defense

Eric Johnson (Twitter: @emjohn20) is a Senior Security Consultant at Cypress Data Defense, Application Security Curriculum Product Manager at SANS, and a certified SANS instructor. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules. Eric's previous experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. He completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Presentations

With over 3 million apps now deployed in the Apple and Google Play app stores, the importance of mobile application security assessments is at an all-time high. With business-critical mobile apps handling payment card, healthcare, and financial information on end-user devices, organizations are vulnerable to an entirely new class of mobile software vulnerabilities. As the bad guys shift their focus towards attacking mobile applications, defenders are struggling to keep up.

We will discuss some common issues often found in mobile application vulnerability assessments, such as local data storage, inter-process communication (IPC), and broken cryptography. We will then show you mitigation strategies to apply to your organization’s mobile apps.