After spending the past year hacking mobile applications, Dan Kuykendall, co-CEO and CTO of NT OBJECTives, set out to uncover the most common security mistakes made during mobile app development. In this presentation he will share with attendees the findings of his research, which center on session management – the process of authenticating the user and ensuring an attacker isn’t impersonating a user or eavesdropping on the service. In most cases, a vulnerability in any single area isn’t a significant liability; however, the more mistakes that are made, the easier it is to attack the app. In this talk Dan will unveil what he calls The Seven Deadly Sins of Mobile Application Development (such as trusting the client and improper use of NONCE) and what developers can do to sin no more! How many are you committing?
Dan is a founder of NT OBJECTives and has been with the company for more than 10 years. He is responsible for the strategic direction and development of products and services and works closely with technology partners to make sure integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques. Dan joined NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company’s flagship product, FoundScan. Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. Dan is a regular blogger on web application security issues on ManVsWebApp.com and co-hosts An Information Security Place Podcast. He has presented on the topics of mobile and application security at many of the top security industry conferences such as ISSA (2011), B-Sides (2012-2013), OWASP AppSecUSA (2012), HouSecCon (2010-2012), ToorCon (2013) and THOTCON (2013). Dan has been involved with the Web Application Security Consortium and is a regular contributor to many open source development projects, including founding the RPM Builder, phpGroupWare and podPress projects.