
Upcoming Events

Mobile Application Security - Insights from a Penetration Tester

At Securus Global we have been seeing an increase in the security testing of mobile applications.

If you have deployed, are developing, or are looking at mobile applications for your enterprise and/or your clients, come and join one of our upcoming Mobile Application Security Briefings.

These sessions will provide you with valuable insights from our perspective and experiences of performing security testing against mobile applications for Australian and International corporates. The sessions will also provide you with networking opportunities to discuss and share information with other peers from a wide range of industries.

  • Sydney - Tues 2nd Oct @ 4pm
  • Melbourne - Tues 9th Oct @ 4pm

For more information or to RSVP email: jacqui.henderson@securusglobal.com

Featured Services This Month

Mobile Application Security:

Having been quick to embrace the latest-generation mobile technologies, Securus Global has several years' experience in iPhone and Android security testing. Over the years, we have undertaken penetration tests of mobile applications from a variety of sectors, including major Australian financial institutions and media companies whose business depends on the security of their data.

To find out more about how we can help you identify risks and ensure that your mobile application and associated data are not compromised, visit: http://www.securusglobal.com/services/assessment-and-assurance-services/mobile-application-security-testing/

SG Crowd - Team Blog Post

It has been quite a busy month down at the SG Community. Here are a few of the most popular posts.

Remember you can also Connect to us on LinkedIn and Subscribe to the SG Community to see new posts as they are posted.

How to: Intercept iPhone and iPad SSL connections that require a valid SSL certificate:

With the rising popularity of iPhone and iPad devices, we are running into more and more applications which require a valid SSL certificate for all connections. In order to properly assess the security of these applications, we need to intercept the SSL connections they make. This post shows our technique for doing this. Read More...

HTTPS in Abrupt:

For any of you who have ever played with the Android emulator, you may have noticed the following hiccup: when trying to establish an HTTPS connection – the browser tries to connect to the IP address of the server, rather than its FQDN. Even though in normal usage this is not a problem, it might still create some trouble when using classic HTTPS proxies (e.g. when performing security testing of an application). Read More...

If I had a dollar... (part 2):

After a too long hiatus, our popular list of things that we see go wrong on a regular basis is back. As I’m sat here writing this, I’ve obviously not had a dollar for every time that I’ve heard the following. I can only hope…

“An attacker wouldn’t know that”. Attackers are sneaky people. They generally know more than you think, and unfortunately for those defending against them they have time on their side. With enough effort and desire to compromise something, an attacker will know what they need to.

For more penetration and security myths Read More...

Industry Roundup

Tripwire
On 5th September, Tripwire announced three coordinated, crucial product enhancements that work as an integrated solution and enable organizations to dynamically connect IT security to the businesses and missions it serves. The new versions of Tripwire Enterprise, Tripwire Log Center, and Tripwire VIA Data Mart work together to help C-level executives and board members understand, assess and manage their organization’s security posture while enhancing the industry-leading products. For more information please contact us or visit our website on http://www.securusglobal.com/products/tripwire/

Introduction to AppArmor

The researchers at Azimuth recently released a new blog post on some common pitfalls in relation to AppArmor, which we found to be of interest. Below is the start of the article:

AppArmor is a path-based Mandatory Access Control (MAC) system implemented as a Linux Security Module (LSM) that allows administrators to define per-application profiles that restrict access to system resources. It's designed to be a "build-your-own-sandbox" solution with a policy language that is both flexible and easy to audit. AppArmor is part of the mainline Linux kernel, and both SUSE and Ubuntu (and their variants) enable profiles for several perceived high-risk binaries, including both services and client applications. Read More...