Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.Proven security tactics for today's mobile apps, devices, and networks
"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot
Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depthunderstanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA
Identify and evade key threats across the expanding mobile risk landscape. Hacking Exposed Mobile: Security Secrets & Solutions covers the wide range of attacks to your mobile deployment alongside ready-to-use countermeasures. Find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Learn how to encrypt mobile data, fortify mobile platforms, and eradicate malware. This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems.
Tour the mobile risk ecosystem with expert guides to both attack and defenseLearn how cellular network attacks compromise devices over-the-airSee the latest Android and iOS attacks in action, and learn how to stop themDelve into mobile malware at the code level to understand how to write resilient appsDefend against server-side mobile attacks, including SQL and XML injectionDiscover mobile web attacks, including abuse of custom URI schemes and JavaScript bridgesDevelop stronger mobile authentication routines using OAuth and SAMLGet comprehensive mobile app development security guidance covering everything from threat modeling toiOS- and Android-specific tipsGet started quickly using our mobile pen testing and consumer security checklists
Bergman, Neil: -
Neil Bergman is a senior security consultant at Cigital, a leading software security firm, where he conducts and leads penetration testing, code review, and threat modeling of software on behalf of major organizations.
Mike Stanfield is a security consultant at Cigital where he specializes in security assessments for the iOS, Android, and Blackberry platforms.
Jason Rouse is a security architect on the team responsible for the security of Bloomberg LP's products and services.
Joel Scambray, CISSP, is a managing principal at Cigital and the bestselling coauthor of seven editions of Hacking Exposed.
Deshmukh, Swapnil: - Swapnil Deshmukh, is a security consultant at Cigital, Inc where he helps client build a secure mobile practices and his responsibilities includes designing and implementing mobile threat modeling, implementing security coding practices, performing source code analysis, reverse engineering application binaries, and performing mobile pentest. Prior to Cigital, Swapnil held a mobile threat analyst position at MyAppSecurity, where he designed and implemented mobile threat modeler. Swapnil holds a MS from George Mason University in Computer Networks and Telecommunication.
Geethakumar, Sarath: - Sarath Geethakumar is a Chief Information Security Specialist at Visa Inc. He specializes in mobile platform and application security and is actively involved in security research around mobility. Sarath's research activities have been instrumental in uncovering numerous security weaknesses with mobile device management solutions and platform security capabilities that were ethically disclosed to appropriate vendors. In addition to research, Sarath leads efforts around secure mobile application development and ethical hacking at Visa Inc.Sarath's background also includes roles such as security specialist, security consultant, lead architect and software developer. Before joining Visa Inc., he served as an Information Security Specialist and Red Team member at American Express. Sarath has also provided consulting expertise to various financial institutions and Fortune 500 companies as part of his consulting career. He has played a key role in shaping the mobile security practices across various organizations and training security professionals on mobile security."
Matsumoto, Scott: - Scott Matsumoto is a Principal Consultant at Cigital with over 20 years of software security and commercial software product development experience. At Cigital, Scott is responsible for the mobile security practice within the company, and has been instrumental in building Cigital's western US business through direct consulting as well as oversight of projects, training, and software deployments. He works with many of Cigital's clients on security architecture topics such as Mobile Application Security, Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. Scott's prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels. He is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.
Price, Mike: - Mike Price is currently Chief Architect at Appthority, Inc. In this role Mike focuses full time on research and development related to mobile operating system and application security. Mike was previously Senior Operations Manager for McAfee Labs in Santiago, Chile. In this role, Mike was responsible for ensuring smooth operation of the office, working with external entities in Chile and Latin America and generally promoting technical excellence and innovation across the team, and region. Mike was a member of the Foundstone Research team for nine years. Most recently, he was responsible for content development for the McAfee Foundstone Enterprise vulnerability management product. In this role, Mike worked with and managed a global team of security researchers responsible for implementing software checks designed to remotely detect the presence of operating system and application vulnerabilities. He has extensive experience in the information security field, having worked in the area of vulnerability analysis and infosec-related R&D for nearly thirteen years. Mike is a published author, having contributed to the title Hacking Exposed 7th Edition on the topic of iOS security, and to "Sockets, Shellcode, Porting & Coding" on the topic of sockets programming and code portability. Mike is also co-founder of the 8.8 Computer Security Conference, held annually in Santiago, Chile.
Price, Mike: - Mike Price is currently Chief Architect at Appthority, Inc. In this role Mike focuses full time on research and development related to mobile operating system and application security. Mike was previously Senior Operations Manager for McAfee Labs in Santiago, Chile. In this role, Mike was responsible for ensuring smooth operation of the office, working with external entities in Chile and Latin America and generally promoting technical excellence and innovation across the team, and region. Mike was a member of the Foundstone Research team for nine years. Most recently, he was responsible for content development for the McAfee Foundstone Enterprise vulnerability management product. In this role, Mike worked with and managed a global team of security researchers responsible for implementing software checks designed to remotely detect the presence of operating system and application vulnerabilities. He has extensive experience in the information security field, having worked in the area of vulnerability analysis and infosec-related R&D for nearly thirteen years. Mike is a published author, having contributed to the title Hacking Exposed 7th Edition on the topic of iOS security, and to "Sockets, Shellcode, Porting & Coding" on the topic of sockets programming and code portability. Mike is also co-founder of the 8.8 Computer Security Conference, held annually in Santiago, Chile.
Scambray, Joel: - Joel Scambray, CISSP, is Managing Principal with Citigal as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years.Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications.
Stanfield, Mike: - Mike Stanfield joined Cigital in 2012 as a Security Consultant. As part of Cigital's mobile security practice, Mike has specialized in application security assessments and penetration testing involving the iOS, Android, and Blackberry platforms, and has been involved with the development and delivery of Cigital's mobile software security training offerings. He also has experience working with mobile payment platforms, including GlobalPlatform/JavaCard applet security and development. Prior to joining Cigital, Mike was the head of Information Technology for the Division of Student Affairs at Indiana University. He also worked as a Grant Analyst for the Office of Research Administration at Indiana University, where he was involved with the development of the open source Kuali Coeus project. Currently residing in Manhattan, Mike studied Security Informatics at Indiana University and holds a Bachelor's in Anthropology from Indiana State University.
Steven, John: - John Steven is Cigital's Internal CTO. He is a sought-after speaker with over 15 years of industry experience. John's expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a Principal Consultant, John has provided strategic direction to many multi-national corporations. As Internal CTO, John directs Cigital's security practices and his keen interest in automation keeps Cigital technology at the cutting edge.
