Lunarline Presents Live Demo Of Application Hacking At AppSec Conference In Austin, TX
ARLINGTON, Va., Oct. 24, 2012 /PRNewswire/ — Lunarline will be giving a presentation on application hacking at the OWASP AppSec USA 2012 Conference, being held at the Hyatt Regency Hotel in Austin, Texas on October 24th and 25th. The presentation, titled “Reverse Engineering of ‘Secure’ HTTP APIs with an SSL Proxy,” focuses on a common (but insecure) method of securing HTTP APIs with SSL and how a malicious user may exploit this. The presentation will include a live demonstration of a man-in-the-middle attack on a mobile device application.
The proliferation of mobile devices has led to increased emphasis on native applications, such as Objective-C applications written for iOS or Java applications written for Android. Nonetheless, these native client applications frequently use HTTP APIs to communicate with a backend server. In addition, browser-based applications are growing more complex, and are also more likely to make asynchronous calls to HTTP APIs.
Properly configured SSL will protect a protocol from eavesdropping (man-in-the-middle attack) but will not protect that protocol from the end user himself. Lunarline’s presentation will demonstrate how an end user can use an SSL proxy to decrypt and reverse engineer the HTTP API.
Mark Haase, Lunarline Senior Software Developer, and Alejandro Caceres, Lunarline Computer Network Operations Engineer, will be presenting their talk at 10am CT on October 24th in the Gemalto Room – Hill Country C. Haase developed Lunarline’s SCAP Sync web application, a search engine and repository for Security Content Automation Protocol (SCAP) content. Caceres is leading research and development efforts on Lunarline’s flagship cyber offensive capability and is a lead member of Lunarline’s penetration testing team.
For a full schedule and to read more about our presentation, please see the AppSec 2012 website at http://www.appsecusa.org/.
Please visit www.lunarline.com after the conference to view a recording of the presentation, courtesy of AppSec.
Lunarline is a leading cyber security and privacy provider to the US Federal Government, as well as private industry. Our unique approach to cyber security combines our proven products, specialized services, and certified training together as a complete solution customized for the success of your cyber mission. Lunarline is an accredited FedRAMP Third Party Assessment Organization (3PAO).
LUNARLINE: SOLUTIONS BUILT ON SECURITY™
For more information, visit http://www.lunarline.com/.
Carolyn Morse, Media Relations