In many ways, this book is a wake-up call for anyone who uses a mobile device. The world-in-the-palm-of-your-hands power that these devices convey has a dark side in the event of loss or theft. This book will show you that dark side, and how to get out. We focus particularly on the needs of:
• Mobile app developers
• Corporate IT staff
• IT consultants
• Technology managers and leaders
• End-users
Mobile is living up to the hype as the next great technology revolution, rivaling the Internet in its game-changing impact. Of course, with great change comes potential risk—is there a magic bullet to secure the inevitable adoption of mobile everywhere? This book presents the latest mobile security trends and observations from the field by some of the leading practitioners in mobile security worldwide.
This book shows you how to meet the mobile security challenge with the two-pronged approach adapted from the original Hacking Exposed. First, we catalog the greatest threats your mobile deployment will face and explain how they work in excruciating detail. Once we have your attention by showing you the damage that can be done, we tell you how to prevent each and every attack.
Neil Bergman is a senior security consultant at Cigital. He has been involved in leading and conducting penetration testing, code review, and architecture risk analysis of critical applications for industry-leading financial and software companies. Neil has conducted security assessments on a multitude of mobile platforms such as Android, iOS, and RIM in addition to conducting numerous assessments against web services, web applications, and thick clients. His primary areas of interest include mobile and web application vulnerability discovery and exploitation. Neil graduated from James Madison University with a master’s degree in Computer Science and received a bachelor’s degree in Computer Science from North Carolina State University.
Mike Stanfield joined Cigital in 2012 as a security consultant. As part of Cigital’s mobile security practice, Mike has specialized in application security assessments and penetration testing involving the iOS, Android, and BlackBerry platforms, and has been involved with the development and delivery of Cigital’s mobile software security training offerings. He also has experience working with mobile payment platforms, including GlobalPlatform/Java Card applet security and development. Prior to joining Cigital, Mike was the head of Information Technology for the Division of Student Affairs at Indiana University. He also worked as a grant analyst for the Office of Research Administration at Indiana University, where he was involved with the development of the open source Kuali Coeus project. Currently residing in Manhattan, Mike studied Security Informatics at Indiana University and holds a bachelor’s in Anthropology from Indiana State University.
Jason Rouse brings over a decade of hands-on security experience after plying his craft at many of the leading companies in the world. He is currently a member of the team responsible for the security of Bloomberg LP’s products and services, exploring how to reinvent trusted computing and deliver on the promise of ubiquitous biometrics. Jason is passionate about security, splitting his time between improving Bloomberg’s security capabilities and contributing to cutting-edge security projects around the world. In his spare time, he has chaired the Financial Services Technology Consortium committee on Mobile Security and worked to elevate mobile security through his professional contributions. Prior to his work at Bloomberg, Jason was a principal consultant at Cigital, Inc., an enterprise software security consulting firm. He performed many activities at Cigital, including creating the mobile and wireless security practice, performing architecture assessments, and being a trusted advisor to some of the world’s largest development organizations. Prior to Cigital, Jason worked with Carnegie Mellon’s CyLab Security Research Lab, creating next-generation mobile authentication and authorization frameworks and expanding the state of the art in computer security. Currently residing in Manhattan, Jason holds both a BCS and MCS from Dalhousie University, Canada.
Joel Scambray is a Managing Principal at Cigital, a leading software security firm established in 1992. For over 15 years he has helped companies ranging from newly minted startups to members of the Fortune 500 address information security challenges and opportunities.
Joel’s background includes roles as an executive, technical consultant, and entrepreneur. He co-founded and led information security consulting firm Consciere before it was acquired by Cigital in June 2011. He has been a Senior Director at Microsoft Corporation, where he provided security leadership in Microsoft’s online services and Windows divisions. Joel also co-founded security software and services startup Foundstone, Inc., and helped lead it to acquisition by McAfee in 2004. He previously held positions as a manager for Ernst & Young, security columnist for Microsoft TechNet, editor at large for InfoWorld Magazine, and director of IT for a major commercial real estate firm.
Joel is a widely recognized writer and speaker on information security. He has co-authored and contributed to over a dozen books on IT and software security, many of them international bestsellers. He has spoken at forums including Black Hat, as well as for organizations including IANS, CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies including the FBI and the RCMP.
Joel holds a BS from the University of California at Davis, an MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).
The ancient debate: start with page one or jump to the good parts? We say: both!
Clearly, this book could be read from start to finish for a soup-to-nuts portrayal of mobile application security testing and remediation. However, true to the original Hacking Exposed model, we have attempted to make each chapter stand on its own, so the book can be digested in modular chunks, suitable to the frantic schedules of our target audience.
Moreover, we have strictly adhered to the clear, readable, and concise writing style that readers overwhelmingly responded to in Hacking Exposed. We know you’re busy, and you need the straight scoop without a lot of doubletalk and needless jargon. As a reader of Hacking Exposed once commented, “Reads like fiction, scares like hell!”
We think you will be just as satisfied reading from beginning to end as you would piece by piece, but it’s built to withstand either treatment.