PDF-BDD Mobile security testing with OWASP MASVS

OWASP MSTG and Calabash About Me whoami Davide Cioccia Security Engineer ING Bank NL Italian leaving in the NL 7 years security experience Security magazines and OWASP MST. Vulnerabilities . and Auditing. Not just another statistic…. What we are going to cover…. Review of OWASP.org. OWASP Top 10. Web Application Audit Plan. 2. Highlights . - 2014 Symantec Internet . Projects Portal Launch!. Jason Li. Global Projects Committee. jason.li@owasp.org. AppSec. USA 2011. About the. The Prologue. OWASP Projects are:. Open Source. Freely Available. Anyone Can Start. Anyone Can Contribute. testin. g. tools . for web-based system. CS577b Individual Research. Shi-. Xuan. . Zeng. 04/23/2012. 1. Outline. Introduce security testing. Web . application/system . security testing. Web application/system security risks. Murat Lostar. About me. Murat Lostar. 1986 – Software development. 1992 – Network and systems . 1998 – Information security. 2009 – ISACA-Istanbul Founding President. 2013 – Cloud Security Alliance – Turkey Founding President. About Me. #. whoami. Davide. . Cioccia. Security Engineer @ ING Bank NL. Italian leaving in the NL . 7 years security experience. Security magazines and OWASP MSTG contributor. Focus. :. Mobile application security . i. nstructions . within. Release Candidate. Important Notice. RC. Request for Comments. OWASP plans to release the final public release of the OWASP Top 10 - 2017 in July or August 2017 after a public comment period ending June 30, 2017. . Robin Fewster. Introduction. Aim of this presentation to introduce basic application penetration testing techniques. .. It is not as difficult to get into as you might think – hopefully we will bust some myths.. OWASP : . Core. Mission. The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit also registered in Europe as a worldwide charitable organization focused on improving the security of software. .  . Yaniv Simsolo. , CISSP. Image: Hubble Telescope: The cat’s eye nebula. OWASP Top 10 2013. OWASP . Top 10 – . 2013 has evolved:. 2013-A1 . – Injection. 2013-A2 . – Broken Authentication and Session Management. John Mitchell. CS 155. Spring 2017. Guest Lecture Tuesday June 6. Diogo. Mónica, . Director of security at Docker . Topics include container security and what it is like working as a security engineer  . John Mitchell. CS 155. Spring 2016. Outline. Introduction. Platforms. App market. Threats. Android security model . Apple iOS security model. Windows 7, 8 Mobile security model. Change takes time. Apple Newton, 1987. OWASP Bangladesh Chapter. Moshiul Islam, CISA- Founder Leader. Nahidul Kibria- Coordinator. . 10 years old OWASP Zipped in 50 minute. Nahidul kibria. nahidul.kibria@owasp.org. Twitter:@nahidupa. You kidding!. Stephen de . Vries. . @. stephendv. w. ith BDD-Security. About me. CTO Continuum Security. 16 years in security. Specialised. in application security. Author of BDD-Security framework. Security testing still stuck in a waterfall world. 1. AJ Dexter . Sr. Security Consultant. A little about me... Sr. Security Consultant at Cigital. Former Lead Mobile Security Architect @ US Bank.. Mobile Platform & Application SME. Mobile Development Liaison for Security.