By Dan Cornell

I just got back from two weeks traveling to Los Angeles (Irvine) and Dublin, Ireland for OWASP conferences where I gave my talk “Smart Phones Dumb Apps”  The talk looks at a generic threat model for a smartphone application and then walks through how attackers can take the applications apart with examples for both Android and iPhone.

The slides are available here:

The code used to automate parts of the analysis can be found in the Google Code repository here:

Google Code Repository for Smart Phones Dumb Apps

Also, Colin Watson did a quick writeup on the presentation in Ireland.

This is an ongoing area of research for us so please keep an eye on the blog, Google Code and come see upcoming presentations at Austin LASCON 2010 and OWASP DC 2010.

Contact us for help developing and deploying secure smartphone applications.

--Dan

dan _at_ denimgroup.com

@danielcornell