Table of Contents

Part I: Mobile Platforms; Chapter 1. Top Mobile Issues and Development Strategies; Chapter 2. Android Security; Chapter 3. The Apple iPhone; Chapter 4. Windows Mobile Security; Chapter 5. BlackBerry Security; Chapter 6. Java Mobile Edition Security; Chapter 7. SymbianOS Security; Chapter 8. WebOS Security;Part II: Mobile Services; Chapter 9. WAP and Mobile HTML Security; Chapter 10. Bluetooth Security; Chapter 11. SMS Security; Chapter 12. Mobile Geolocation; Chapter 13. Enterprise Security on the Mobile OS; Part III: Appendices; Appendix A. Mobile Malware; Appendix B. Mobile Security Penetration Testing Tools; Index

About the Author

Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. At iSEC, Himanshu manages the firm’s product development efforts and co-manages the sales and marketing programs. Himanshu is also a renowned industry author with six security books published, including Mobile Application Security (McGraw Hill/Osborne), Hacking VoIP (No Starch Press), Hacking Exposed: Web 2.0 (McGraw Hill/Osborne), Hacker’s Challenge 3 (McGraw Hill/Osborne), Securing Storage (Addison Wesley), and Implementing SSH (Wiley). In addition to the books, Himanshu also has a patent pending on Fibre Channel security. Before starting iSEC Partners, Himanshu was the Regional Technical Director at @stake, Inc.



Chris Clark is a principal security consultant at iSEC Partners, where he writes tools, performs penetration tests, and serves as a Windows and Mobile expert. Throughout his software career, Chris has focused exclusively on security, and has assisted several large companies in designing and developing secure software. He has led several teams through implementation of the Security Development Lifecycle (SDL) and the initial bootstrapping process required to develop secure products. By working on server, client, and hosted web applications, Chris has amassed a broad range of security experience. Before joining iSEC, Chris worked for Microsoft where he was responsible for ensuring the security of a both a large-scale payment system and a widely deployed enterprise management product.
Chris has presented on security at RSA 2009, NY/NJ and Seattle OWASP chapter meetings, the SOA Executive Forum, and as a trainer at Blackhat Federal where he collaborated with Immunity and Microsoft to deliver the Defend-the-Flag training. In addition to public speaking, Chris has developed and delivered several trainings to both management teams and engineers working to develop more secure products.




David Thiel is a Principal Security Consultant with iSEC Partners, Inc. He has over 12 years of computer security experience, auditing and designing security infrastructure in the electronic commerce, government, aerospace and online wagering industries. Areas of expertise are web application penetration testing, network protocols, fuzzing, UNIX, and MacOS X. Research interests include mobile and embedded device exploitation, media software vulnerabilities, and attack vectors in emerging web application technologies. He has presented research and security topics at Black Hat USA, Black Hat EU, DEFCON, PacSec and Syscan, and is a contributor to the FreeBSD project.