Friday, October 25 • 10:00am - 10:45am
Minding The Gap: Secure PhoneGap Apps


PhoneGap is a popular framework in the mobile development community. PhoneGap allows developers to rapidly build cross-platform mobile applications using HTML5, JavaScript, and CSS. Using PhoneGap plugins, developers can call native platform APIs from browser-like applications using JavaScript. This approach introduces vulnerabilities that are both interesting and powerful and that are typically less prevalent in native mobile applications, warranting a fresh look at how we view the impact and likelihood of exploitation of PhoneGap applications. PhoneGap applications inherit security issues generally reserved for code running within web browsers, while also being potentially vulnerable to traditional security issues affecting native mobile applications.

In this presentation, we will take a deep look at the core framework and we will examine the overall attack surface for applications built with PhoneGap. Live demonstrations will be performed to illustrate how PhoneGap prevents you from hiding behind the safety of a mobile platform's security model. Real-world examples of vulnerable applications built with PhoneGap will be demonstrated as well. This provides context as well as plenty of entertainment for audience members. In addition, a walkthrough of the vulnerable OWASP GoatDroid PhoneGap app will be provided. 

After discussing the common pitfalls of PhoneGap cross-platform development, we will provide a methodology and recommendations for narrowing the attack surface. We will also release an open-source tool for enhancing the security posture of your PhoneGap applications. This presentation will be heavy on code examples, demonstrations, and practical information.


Jack Mannino

Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run...

Friday October 25, 2013 10:00am - 10:45am
HackersForCharity.org Room, Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757
