
Christian Papathanasiou: Jackpotting Mobile Apps

Christian Papathanasiou

Abstract: Since unveiling the very first Google Android kernel-level rootkit at DEFCON 18, Christian has diverted his attention to something closer to the end-user experience – mobile applications themselves. The outcome of this research has been quite interesting and paints a very bleak picture of the current stance of mobile application security.

Christian will demonstrate 0day vulnerabilities relating to insecure mobile application development, along with the humorous and very much financially damaging implications of such attacks.

Common application security mistakes that have been transposed into the mobile application world provide rich pickings for security researchers bored of <script>alert(1)</script>.

Thankfully, the OWASP top 10 mobile application security controls for developers come to the rescue and provide the right backdrop against which we can demonstrate what developers should have done before unleashing their apps on the world in a rush to tap into uncharted blue oceans.

Speaker Bio:

Christian is the Penetration Testing lead for global website security at a large financial services organisation.

Christian is a member of the OWASP Global Industry Committee and the OWASP Cyprus Chapter Leader, a contributor to the OWASP Mobile Security project and a contributing author of the European Network Information Security Agency (ENISA) Smartphone Secure Development Guidelines for App Developers.

Christian has presented at thought-leading conferences such as Black Hat and DEFCON. His research has been featured by many news organizations including: Forbes, Reuters, Slashdot, Tech Herald, Computerworld, ZDNet, CSO Magazine, Dark Reading, Threatpost, CNET and eWeek.

Christian co-organises AthCon – the first and foremost technical IT Security conference in Athens, Greece. More info:

Christian holds an MSc with Distinction in Information Security from the Information Security Group at Royal Holloway, University of London and a CISSP. Christian is also a qualified Chemical Engineer, having graduated with an MEng(Hons) in Chemical Engineering from UMIST.