Welcome to the Mobile Security track! This track is focusing mainly on the following two documents that were created as part of the OWASP Mobile Security Testing Guide (MSTG) project:
- The Mobile Application Security Verification Standard (MASVS) establishes a framework of security requirements needed to design, develop and test secure mobile apps on iOS and Android.
- The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the MASVS.
Slack
Please also join our slack channel (especially if you are a remote participant):
- Register an account on the Open Security Summit Slack
- Join our Slack Channel
Why
We, the OWASP Mobile Security team, love the OWASP Summit. That time of the year when we come together, all in one place, and forget about the rest of the world (literally as we’re in the middle of a forest). Forget about companies / business and concentrate on making the mobile security world a better place. To achieve this we tirelessly work on the MSTG to make it even more awesome as it is already.
What
Imagine being in the same room as these people who share your same passion:
- the main authors of the MSTG and MASVS
- security engineers
- experienced pentesters
- researchers
- …
All working together on mobile security topics:
- creating new content for the MSTG
- researching together on the latest cutting-edge iOS and Android security topics
- learning and sharing knowledge with other experts and beginners
Our working sessions are ticket based, just take the one you like or you’ll get one assigned depending on your level of expertise. We want to start the summit with a focus on the following milestones:
Once you start you’ll not only have the chance to do a great contribution but also to drive interesting discussions with the rest of the participants.
This year we want to focus on the values that made the first summit a great oppertunity: learning through contributing!
Everyone is welcome! If you’re already experienced you’re probably familiar with the issue that you cannot find any trainings/events on mobile security advanced topics that matches your level. Here you’ll be able to work hand in hand with people sharing your passion, interest and close to your experience level. One can always learn so much from doing research and being guided by other people (experts or not). If you enjoy sharing your knowledge you’ll have the chance to do so at the best working atmosphere. If you’re a beginner this is THE PLACE to start!
Cannot come over? Join us remotely! You may want to attend the presentations about onboarding or a 101. Otherwise: contact us, grab a ticket, enjoy the ride! We would love to guide you in your contribution and will take on PRs from morning till early evening (21:00).
Check the scheduled sessions below.
Schedule
Total sessions for this track: 22
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| |||||||||||||||||||
|
|
|
|
|
| ||||||||||||||||||
|
|
|
|
|
| ||||||||||||||||||
|
|
|
|
|
| ||||||||||||||||||
|
|
|
|
| |||||||||||||||||||
|
|
|
|
| |||||||||||||||||||
|
|
|
|
|
(back to all track's schedule)
Working Sessions 18
Here are the working sessions that are currently being planned.
| Title | Track | Description |
|---|---|---|
| Android and iOS Security Enhancements and Crackme Apps (Fri) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Mon Eve) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Mon) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Thu Eve) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Thu) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Tue) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Wed Eve) | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Wed) | OWASP MSTG | Updating the content of the MSTG |
| Creating an iOS build pipeline with security checks | OWASP MSTG | Brainstorming for a iOS pipeline with security checks |
| Mobile AppSec Verification Standard (MASVS) | OWASP MSTG | Work on the open issues of the MASVS |
| Mobile AppSec Verification Standard (MASVS) (Evening) | OWASP MSTG | Work on the open issues of the MASVS |
| Mobile Basic Security Testing and Reverse Engineering (Evening Session) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Mon Evening) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Mon) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Thu) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Tue Evening) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Tue) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Wed) | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
User Sessions 4
Here are the users sessions that are currently being planned.
| Title | Track | Description |
|---|---|---|
| Mobile Security Testing Guide onboarding | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| Mobile Security Testing Guide onboarding (Session 2) | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| OWASP Mobile Security Testing Guide 101 | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| OWASP Mobile Security Testing Guide 101 (Session 2) | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
Please help
If you want to be involved please make the changes on GitHub and send a Pull Request with your ideas.
If you feel that there is missing working session that we NEED to have at the Summit, please create it.
Metadata
| Organizers | Jeroen Willemsen Jeroen Willemsen , Carlos Holguera Carlos Holguera , Sven Schleier Sven Schleier , Jeroen Beckers Jeroen Beckers |
|---|