Black Hat USA 2019: Top Mobile AppSec Talks
Posted by Amy Schurr
The NowSecure team is gearing up for an incredible week at Black Hat USA 2019 in Las Vegas. We’re excited to join the 22nd annual top security event to engage on all things mobile app security research, development, tools and trends.
Our world-renowned research team will be at Black Hat early to kick off the Advanced Frida and Radare – A Hacker’s Delight four-day training session on Saturday, August 3. You can request an invite to network with your peers and chat with our researchers over drinks at our exclusive ‘Ritas & Researchers reception on Tuesday, August 6. And we look forward to connecting many of you with our mobile application security experts at the conference through prebooked meetings or visits to Booth #674.
To help you build your agenda and make the most of your time at the conference, we’ve selected several key Black Hat briefings that focus on mobile device security, enterprise mobile appsec, DevSecOps and reverse engineering.
Keynote: Every Security Team Is a Software Team Now
Dino Dai Zovi, Square
Wed., Aug. 7, 9:00 a.m. – 10:00 a.m.
As DevOps has evolved, software teams need to own security and security teams need to become full-stack software teams. Just as classic ops teams have internal infrastructure teams, security teams will become internal security software teams that deliver value through self-service platforms and tools. This talk will highlight how this is being done across high-performing companies and how to enable the DevSecOps transformation at your own.
Cyber Insurance 101 for CISOs
Jeffrey Smith, Cyber Risk Underwriters
Wed., Aug. 7, 1:30 p.m. – 2:20 p.m.
Gain a basic understanding of a cyber policy including coverage terms and conditions and services included with the product. You’ll also learn the value a CISO can bring to the cyber insurance procurement process.
Look, No Hands! The Remote, Interaction-less Attack Surface of the iPhone
Natalie Silvanovich, Google
Wed., Aug. 7, 2:40 p.m. – 3:30 p.m.
There have been rumors about remote vulns requiring no user interaction being used to attack the iPhone. This presentation explores the remote, interaction-less attack surface of iOS and covers two examples of vulns discovered. Silvanovich is a legend in the security community and a member of Google’s Project Zero team and we’re looking forward to hearing what she has to say.
Controlled Chaos: The Inevitable Marriage of DevOps & Security
Kelly Shortridge, Capsule8
Nicole Forsgren, Google Cloud
Wed., Aug. 7, 4:00 p.m. – 4:50 p.m.
Security has a choice: merge with DevOps and embrace the philosophy of controlled chaos, or be shoved aside and descend into irrelevancy. But in reality, DevOps’ priorities and goals aren’t so different from modern info security’s goals. Learn tips for shifting security to an enabler of organization objectives and how to transform it into a lean, mean, innovation machine.
On Trust: Stories from the Front Lines
Jamil Farshchi, Equifax
Thurs., Aug. 8, 9:00 a.m. – 9:25 a.m.
Farshchi joined Equifax to help transform security following its 2017 breach and led a similar rebuilding initiative at Home Depot. He knows better than anyone that the single most damaging thing to many companies has been a loss of trust. He will share his experiences leading enterprise security programs through times of great change. Learn about the starring role security practitioners play in supporting a company’s ability to maintain trust and how to champion it within your organization.
Information Security in the Public Interest
Bruce Schneier, Harvard Kennedy School
Thurs., Aug. 8, 9:45 a.m. – 10:35 a.m.
Election security. Blockchain. IoT safety. Data privacy — all are important public policy issues around security. Schneier will make the case that technologists need to be involved in policy discussions for the good of public safety and overall social welfare. Join to get involved in the debate about how much of our lives should be governed by technology and under what terms.
Behind the Scenes of iOS and Mac Security
Ivan Krstic, Apple
Thurs., Aug. 8, 12:10 p.m. – 1:00 p.m.
With more than 1.4 billion active devices and security protections spanning every layer from silicon to software, Apple works to advance security in every new product and software release. This session will discuss three iOS and Mac security topics in unprecedented technical detail, offering the first public discussion of several key technologies new to iOS 13 and the Mac: code integrity enforcement, the T2 Security Chip and the Find My feature.
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
Maddie Stone, Google
Thurs., Aug. 8, 2:30 p.m. – 3:20 p.m.
While the Android security community has predominantly focused on user-space applications, the Android pre-installed system is a big space to audit and secure. Learn about the differences in reversing and analyzing pre-installed apps. You’ll hear case studies about security issues discovered this year and last and be led on a detailed tour of the Android pre-installed ecosystem.
Meet the NowSecure Team
Book a meeting with a NowSecure staff member to see our mobile application security testing solutions in action and learn how to reduce risk while speeding software delivery.
Stop by Booth #674 to view our tech, talk pen testing, share your favorite stories and snag some “False Positives Suck” stickers.