SecureWorld: Building a Mobile App Security Risk Management Program

by | May 24, 2012

We recently co-presented a case study with Vas Rajan (CISO, ING Direct) on how we jointly developed a security risk management program for customer-facing mobile apps. We covered the security risks and challenges, and a programmatic approach to assessing and defending both the infrastructure and the apps themselves, including:

  • Merits and challenges of using Mobile Enterprise Application Platforms (MEAP)
  • Creating a mobile app security testing capability
  • Clear, cross-platform app development security standards and working with app developers
  • Defending and monitoring the mobile service delivery network

Download Slides: Security Risk Advisors – SecureWorld – May 2012

Chris Salerno
Managing Director

Chris leads SRA’s 24x7 CyberSOC services. His background is in cybersecurity strategy based on NIST CSF, red and purple teams, improving network defenses, technical penetration testing and web applications.

Prior to shifting his focus to defense and secops, he led hundreds of penetration tests and security assessments and brings that deep expertise to the blue team.

Chris has been a distinguished speaker at BlackHat Arsenal, RSA, B-Sides and SecureWorld.

Prior to Security Risk Advisors, Chris was the lead penetration tester for a Big4 security practice.