Matt Johansen
Application Security Engineer
WhiteHat Security, Santa Clara, CA USA

Matt Johansen is a Threat Research Center Manager at WhiteHat Security where he oversees and assesses more than 4,500 web applications for many Fortune 500 companies across a range of technologies. He was previously a security consultant for VerSprite, where he was responsible for performing network and web application penetration tests. Mr. Johansen is also an instructor of Web Application Security at San Jose State University and at Adelphi University, where he received his Bachelor of Science in Computer Science. He has also been utilized by the SANS Institute as an industry expert for certification review.

Mr. Johansen will speak about "Keeping up with Web Based OSes: Security Flaws in the Dawn of the Mobile Age."

"What time is it?" Check your iPhone. "How much money is in my bank account?" Check your iPhone.

Everywhere, the smart phone and the "anywhere" Internet have changed the way we function.  This also means our approaches to security need to shift fundamentally.  Old relics like firewalls are the least of our concerns now that hundreds of applications can be stored on one centralized server and accessed by millions at any one time. Simplified OSs, the need for instant data, and demand for new services are driving the security industry to new places, but how do we keep up?

This presentation will address the pitfalls of mobile application security. Specifically, Matt has conducted extensive real-world impact research surrounding Google's ChromeOS and has discovered a slew of serious and fundamental security design flaws. With no more than a single mouse-click, users may be victimized by various methods, including:

  • Exposing all user email, contacts, and saved documents.
  • Conducting high-speed scans of their intranet network and revealing active host IP addresses.
  • Spoofing messaging in their Google Voice account.
  • Taking over their Google account by stealing session cookies, and in some cases doing the same on other visited domains.

With the cloud and Web-based operating systems poised to make an impact on our computing future, Matt will share his research through a series of live demonstrations of these new attack pathways.