The Wayback Machine - https://web.archive.org/web/20121029200051/http://java.sys-con.com:80/node/2416080

Welcome!

Java Authors: Liz McMillan, Elizabeth White, Pat Romanski, Gregor Petri, Rob Sobers

News Feed Item

Lunarline Presents Live Demo Of Application Hacking At AppSec Conference In Austin, TX
By PR Newswire
Article Rating:
October 24, 2012 12:20 PM EDT
Reads:
 208

ARLINGTON, Va., Oct. 24, 2012 /PRNewswire/ -- Lunarline will be giving a presentation on application hacking at the OWASP AppSec USA 2012 Conference, being held at the Hyatt Regency Hotel in Austin, Texas on October 24th and 25th. The presentation, titled "Reverse Engineering of 'Secure' HTTP APIs with an SSL Proxy," focuses on a common (but insecure) method of securing HTTP APIs with SSL and how a malicious user may exploit this. The presentation will include a live demonstration of a man-in-the-middle attack on a mobile device application. 

(Logo: http://photos.prnewswire.com/prnh/20110622/PH24580LOGO )

The proliferation of mobile devices has led to increased emphasis on native applications, such as Objective-C applications written for iOS or Java applications written for Android. Nonetheless, these native client applications frequently use HTTP APIs to communicate with a backend server. In addition, browser-based applications are growing more complex, and are also more likely to make asynchronous calls to HTTP APIs.

Properly configured SSL will protect a protocol from eavesdropping (man-in-the-middle attack) but will not protect that protocol from the end user himself. Lunarline's presentation will demonstrate how an end user can use an SSL proxy to decrypt and reverse engineer the HTTP API.

Mark Haase, Lunarline Senior Software Developer, and Alejandro Caceres, Lunarline Computer Network Operations Engineer, will be presenting their talk at 10am CT on October 24th in the Gemalto Room - Hill Country C. Haase developed Lunarline's SCAP Sync web application, a search engine and repository for Security Content Automation Protocol (SCAP) content. Caceres is leading research and development efforts on Lunarline's flagship cyber offensive capability and is a lead member of Lunarline's penetration testing team.

For a full schedule and to read more about our presentation, please see the AppSec 2012 website at http://www.appsecusa.org/

Please visit www.lunarline.com after the conference to view a recording of the presentation, courtesy of AppSec. 

About Lunarline
Lunarline is a leading cyber security and privacy provider to the US Federal Government, as well as private industry. Our unique approach to cyber security combines our proven products, specialized services, and certified training together as a complete solution customized for the success of your cyber mission. Lunarline is an accredited FedRAMP Third Party Assessment Organization (3PAO).

LUNARLINE: SOLUTIONS BUILT ON SECURITY™

For more information, visit http://www.lunarline.com/.

Contact
Carolyn Morse, Media Relations
[email protected]
571-481-9312

SOURCE Lunarline

Published October 24, 2012 – Reads 208
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

'); var i; document.write(''); } // -->
 

About JAVA Developer's Journal
Java Developer's Journal presents insight, technical explanations and new ideas related to Java and covers the technology that affects Java developers and their companies.

ADD THIS FEED TO YOUR ONLINE NEWS READER Add to Google My Yahoo! My MSN