NOWSECURE NOW AVAILABLE IN THE MICROSOFT AZURE MARKETPLACE

Microsoft Azure customers gain access to NowSecure Mobile App Security and Privacy Testing for scalability, reliability, and agility of Azure to drive mobile appdev and shape business strategies.

Read More
Media Announcement
NOWSECURE NOW AVAILABLE IN THE MICROSOFT AZURE MARKETPLACE NOWSECURE NOW AVAILABLE IN THE MICROSOFT AZURE MARKETPLACE Show More
magnifying glass icon
Marco Grassi

Marco Grassi

linkedin icon twitter icon

Former Mobile Security Analyst at NowSecure

Marco performs reverse engineering, penetration testing, and vulnerability research focusing on mobile OSs, apps, and devices.

The Nightmare Behind the Cross-Platform Apps Dream

PRESENTED ON April 12, 2015

Recently at Black Hat Asia 2015 in Singapore, NowSecure mobile researchers Marco Grassi and Sebastián Guerrero Selma gave a well-received presentation about cross platform frameworks and the unique security vulnerabilities they present. Due to the proliferation of mobile platforms in recent years, apps are increasingly created on cross-platform frameworks including PhoneGap, Unity3D, Adobe Air, Appcelerator and others. These frameworks can greatly simplify the mobile app development process by allowing developers to code once and then run on every mobile platform instead of having to write individualized, platform-specific code for Android, iOS, Blackberry and others. But this convenience often comes at the price of security. Code reuse creates a uniform attack surface. Vulnerabilities are shared between different apps, which means an attack that works on one app has a high probability of working on other apps that utilize the same cross-platform framework. You can learn more about the troubling security implications cross-platform frameworks present by checking out Marco and Sebastián’s presentation deck below.

About Marco

Marco Grassi joined NowSecure in 2012 as a member of the R&D Team, where he researches and develops solutions for mobile security products and performs reverse engineering, pentesting and vulnerability research in mobile OS applications and devices. When he’s not poking around mobile devices, he enjoys developing embedded systems and electronic systems. He has spoken at several international security conferences such as ZeroNights, Black Hat and Codegate. You can find him on Twitter at @marcograss.

About Sebastián

Sebastián Guerrero Selma’s work includes research in mobile security and web security, developing tools and techniques for vulnerability assessment and post-exploitation of mobile devices and applications, and reverse engineering embedded platforms and mobile platforms. In the last few years, he has spoken at several security conferences such as RootedCON, NoConName, and RSA. You can find him on Twitter at @0xroot.