SANSFIRE 2016

Washington, DC | Sat, Jun 11 - Sat, Jun 18, 2016

Penetration Testing Mobile Banking Applications

  • Bojan Zdrnja, ISC Handler
  • Wednesday, June 15th, 8:15pm - 9:15pm

In recent years, mobile devices have become an extremely attractive platform for delivering various banking and financial services to end users. Mobile Internet banking and electronic wallets are only some of the solutions that are being used more often, and we can certainly expect many other new services to be delivered in this area. Ease of use, mobility and simplicity are only some of the advantages that make these services very attractive to users when compared to traditional banking and financial services.

On the other hand, a question that keeps arising, and that is critical for wider acceptance of such services, is their security and their exposure to malicious activities and hacking. What risk are users exposed to if they lose their mobile device? How secure is the data stored on the device? Is it possible for an attacker or a fraudster to make a financial transaction if he steals a mobile device?

This presentation will demonstrate how a penetration test of a mobile banking application is typically conducted, what tools are used, and which specific attack vectors deserve extra attention.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, June 12
Session Speaker Time Type
Securing Your Kids Lance Spitzner Sunday, June 12th, 7:00pm - 8:00pm SANS@Night
Monday, June 13
Session Speaker Time Type
General Session - Welcome to SANS Dr. Johannes Ullrich Monday, June 13th, 8:15am - 8:45am Special Events
Women's CONNECT Event Hosted by SANS COINS program and ISSA WIS SIG Monday, June 13th, 6:00pm - 7:00pm Special Events
State of the Internet Panel Discussion Dr. Johannes Ullrich, ISC Director and Marcus Sachs, ISC Director Emeritus Monday, June 13th, 7:15pm - 9:15pm Keynote
Tuesday, June 14
Session Speaker Time Type
Managing Risk from Vendors and Other Third Parties Hariom Singh, CISSP, Director, Policy Compliance (SME) Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Network Segmentation Quick Start How-to Brett Young, Senior Security Consultant Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Next-Gen Now: Outsmarting Rootkits, Ransomware, and Zero-Day Attacks Matt Hickey, Director, Sales Engineering Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Beyond Whois: See Threats Coming Steve Butt, Sales Engineer Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Flipping the Economics of Attacks Adam Lapins, Systems Engineer Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Critical Infrastructure ICS Attack Planning Jason Dely, Principal Consultant, Professional Services Tuesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
Innovation Showcase Tuesday, June 14th, 5:30pm - 7:30pm Vendor Event
CISO Hot Topic: Communicating to and Influencing CEOs and Boards of Directors: What Works and What to Avoid John Pescatore & Alan Paller Tuesday, June 14th, 6:00pm - 8:15pm Special Events
Ultimate Test Drive (UTD) Palo Alto Networks Tuesday, June 14th, 6:00pm - 8:00pm Vendor Event
GIAC Program Presentation Jeff Frisk Tuesday, June 14th, 6:15pm - 7:15pm SANS@Night
Radware Attack Mitigation Systems (AMS) Brian Ray, Sales Director, S.E. Tuesday, June 14th, 6:30pm - 8:30pm Vendor Event
How to bring some Advanced Persistent Trickery to your fight against Advanced Persistent Threats... Bryce Galbraith and John Strand Tuesday, June 14th, 7:15pm - 8:15pm SANS@Night
Smartphone and Network Forensics Goes Together Like Peas and Carrots Heather Mahalik and Phil Hagen Tuesday, June 14th, 7:15pm - 8:15pm SANS@Night
Digital Investigations: Leveraging the Multitude of Records Ben Wright Tuesday, June 14th, 7:15pm - 8:15pm SANS@Night
Fire in the Hole: ICS Security Case Studies Hosted by Derek Harp Tuesday, June 14th, 7:15pm - 8:15pm SANS@Night
Success Rates for Client Side Vulnerabilities Jonathan Risto - Master's Degree Candidate Tuesday, June 14th, 7:15pm - 7:55pm Master's Degree Presentation
Managing Large-Scale Incident Response Kevin Liston, ISC Handler Tuesday, June 14th, 8:15pm - 9:15pm SANS@Night
Security Awareness: Understanding and Managing Your Top Seven Human Risks Lance Spitzner Tuesday, June 14th, 8:15pm - 9:15pm SANS@Night
CISO Success Strategies Frank Kim Tuesday, June 14th, 8:15pm - 9:15pm SANS@Night
The Nightmare on Cryptville Street: 20 Pills for a Night of Sleep Oleg Bogomolniy - Master's Degree Candidate Tuesday, June 14th, 8:15pm - 8:55pm Master's Degree Presentation
Wednesday, June 15
Session Speaker Time Type
SANS Technology Institute Breakfast Reception Wednesday, June 15th, 7:00am - 8:00am Breakfast and Learn
Vendor Solutions Expo Wednesday, June 15th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, June 15th, 5:30pm - 7:30pm Vendor Event
Writing Tech: Stories from the Field Joshua Wright Wednesday, June 15th, 7:15pm - 8:15pm SANS@Night
Homegrown AppSec: How to build your team from the inside Frank Kim & Eric Johnson Wednesday, June 15th, 7:15pm - 8:15pm SANS@Night
Preparing for a PCI DSS Security Breach Christian Moldes - Master's Degree Candidate Wednesday, June 15th, 7:15pm - 7:55pm Master's Degree Presentation
$HOME Sweet $HOME Xavier Mertens, ISC Handler Wednesday, June 15th, 8:15pm - 9:15pm SANS@Night
Penetration Testing Mobile Banking Applications Bojan Zdrnja, ISC Handler Wednesday, June 15th, 8:15pm - 9:15pm SANS@Night
Going Mobile: Are your apps putting you at risk? Eric Johnson Wednesday, June 15th, 8:15pm - 9:15pm SANS@Night
Thursday, June 16
Session Speaker Time Type
Hacking the Hacking Team Jayson Wehrend, Solutions Engineer Thursday, June 16th, 12:30pm - 1:15pm Lunch and Learn
Malware As A Service: Kill the Supply Chain Tom Byrnes, CEO and Founder Thursday, June 16th, 12:30pm - 1:15pm Lunch and Learn
MobileIron Mobile Security and Risk Review Research Results James Plouffe, Lead Solutions Architect Thursday, June 16th, 12:30pm - 1:15pm Lunch and Learn
Managing and Deploying Honeypots using Open Source Tools Jason Trost, VP of Threat Research Thursday, June 16th, 12:30pm - 1:15pm Lunch and Learn
ThreatConnect Demo John Hurd, Intelligence Research Analyst, ThreatConnect Thursday, June 16th, 12:30pm - 1:15pm Lunch and Learn
Exploit Kits and Indicators of Compromise Brad Duncan, ISC Handler Thursday, June 16th, 7:15pm - 8:15pm SANS@Night
Continuous Opportunity: DevOps & Security Ben Allen Thursday, June 16th, 7:15pm - 8:15pm SANS@Night
Playing with SCADA's Modbus Protocol Justin Searle Thursday, June 16th, 7:15pm - 8:15pm SANS@Night
Executing an Active Defense Strategy in an ICS/SCADA Network Robert M. Lee Thursday, June 16th, 8:15pm - 9:15pm SANS@Night
The iOS of Sauron - How iOS Tracks Everything You Do Sarah Edwards Thursday, June 16th, 8:15pm - 9:15pm SANS@Night
Pentest Apocalypse Beau Bullock Thursday, June 16th, 8:15pm - 9:15pm SANS@Night
Friday, June 17
Session Speaker Time Type
How to Make Sense of IOCs (or Automate it or Lose it!) Pedro Bueno, ISC Handler Friday, June 17th, 7:15pm - 8:15pm SANS@Night
How to Commit Card Fraud G. Mark Hardy Friday, June 17th, 7:15pm - 8:15pm SANS@Night
Data Mining Malware Like a Boss John Bambenek, ISC Handler Friday, June 17th, 8:15pm - 9:15pm SANS@Night