
“Enterprise security has actually become dependent upon how we can identify people at the mobile layer.” — Jack Mannino

When it comes to mobile security, you’d be hard pressed to find a more knowledgeable source than Jack Mannino, co-leader of the OWASP Mobile Security Project. During the Software Quality and Assurance Forum sponsored by the Department of Homeland Security last month, Jack and I sat down to talk about his work with OWASP and the mobile initiative.

“The ecosystem is arguably just as much of a risk as the actual application security itself. They go hand in hand.” — Jack Mannino

Our discussion included ideas on how to move security closer to the beginning of the development project, and why many companies are choosing not to do that.

“You’ll see pushback from a product or project manager if security impacts their ability to go live. They are willing to accept the risks in order to just go live.” — Jack Mannino

Listen to the Full Interview: Jack Mannino – Build Security into Mobile

Highlights of our Discussion
00:05 OWASP Top 10 for Mobile
01:31 GitHub for mobile and open source projects
02:10 Concerns with mobile and security
03:30 Changing security within the development life cycle
04:40 Security automation within the development life cycle
06:45 Pushback to DevOps methodology
07:42 The biggest security threat in mobile

About Jack Mannino
Jack Mannino is a managing partner at nVisium Security, a leading provider of mobile application and web application security services. At nVisium he is responsible for ensuring that all services are delivered at the highest levels of quality and with keen attention to detail. He focuses on mobile application security research (especially Android), and is the co-leader of the OWASP Mobile Security Project. In addition to the Mobile Security Project, Jack is also heavily involved with the OWASP Northern Virginia Chapter, where he serves as the chapter leader. In addition, he is the lead developer for the OWASP GoatDroid Project, and is a contributor to the OWASP RailsGoat Project.
