Topics
▪ About me
▪ The buggy world
▪ Where does your data go?
Bogdan ALECU

About me
Bogdan ALECU
▪ Independent security researcher
▪ Sysadmin @ LEVI9
▪ Passionate about security, especially when it’s related to mobile devices, CISSP, CEH, CISA, CCSP
▪ #infosec conferences: DeepSec, DefCamp, EUSecWest
▪ Started with NetMonitor, continued with VoIP and finally GSM networks / mobile phones
▪ @msecnet / www.m-sec.net / email@example.com

The buggy world
▪ Developers
▪ Testers
▪ Customers
▪ How do you test?
▪ But is it enough?

The buggy world
READY FOR SOME REAL LIFE EXAMPLES?

The buggy world
▪ Try accessing the website while pretending to be browsing from your mobile device
▪ You would be surprised by the instant access you get
▪ No luck? Try Googlebot!
▪ If your log shows a sensitive access being made by Googlebot, will you worry?
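
For the log question above, a defender can check whether a request that claims to be Googlebot really came from Google by using forward-confirmed reverse DNS. The sketch below is an added example, not material from the talk; the combined log format, the sensitive path prefixes, the IP addresses and the DNS answers are all constructed assumptions.

```python
import re
import socket

GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")  # crawler PTR domains
SENSITIVE = ("/admin", "/internal")  # assumption: what counts as sensitive here
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<path>\S+)[^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def dns_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_a(host):  # IPv4 only; use getaddrinfo if you log IPv6 clients
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def is_real_googlebot(ip, ptr=dns_ptr, fwd=dns_a):
    # PTR name must sit under a Google crawler domain AND resolve back to ip.
    host = (ptr(ip) or "").lower().rstrip(".")
    return host.endswith(GOOGLE_SUFFIXES) and ip in fwd(host)

def spoofed_crawler_hits(lines, ptr=dns_ptr, fwd=dns_a):
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or "googlebot" not in m["ua"].lower():
            continue  # the User-Agent header does not claim to be Googlebot
        if m["path"].startswith(SENSITIVE) and not is_real_googlebot(m["ip"], ptr, fwd):
            hits.append((m["ip"], m["path"], m["status"]))
    return hits

# Constructed sample data (documentation IP ranges, made-up DNS answers).
GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
def _line(ip, path, ua=GBOT):
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
SAMPLE_LOG = [
    _line("192.0.2.10", "/admin/users"),     # PTR and forward lookup agree
    _line("198.51.100.7", "/admin/export"),  # no PTR record at all
    _line("203.0.113.5", "/admin/"),         # PTR says googlebot.com, forward disagrees
    _line("203.0.113.9", "/admin/", "Mozilla/5.0 (iPhone)"),  # no Googlebot claim
]
FAKE_PTR = {"192.0.2.10": "crawl-a.googlebot.com", "203.0.113.5": "crawl-b.googlebot.com"}
FAKE_A = {"crawl-a.googlebot.com": {"192.0.2.10"}, "crawl-b.googlebot.com": {"192.0.2.99"}}

def demo():
    return spoofed_crawler_hits(SAMPLE_LOG, FAKE_PTR.get, lambda h: FAKE_A.get(h, set()))
```

The third sample line shows why the forward lookup matters: whoever controls the reverse zone for an address can publish any PTR name, so a matching name alone proves nothing.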

The buggy world
▪ Those damn headers …
DEMO time

Call to action
▪ Don’t rely on the fact that most users have no idea how to check whether your app is secure. You might meet someone like me and it will get ugly
▪ Write your code in a secure way
▪ Testers: learn how to really test mobile apps. It’s not all about the usage experience!

The end?!?
Thank you all!
Don’t forget about feedback forms
www.m-sec.net / @msecnet