GOTO is a vendor-independent international software development conference with more than 90 top speakers and 1300 attendees. The conference covers topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes.

Graham Lee, Security consultant and author of "Professional Cocoa Application Security"

Biography: Graham Lee

Graham Lee is a security consultant and contract developer, specialising in iOS and Mac OS X application development. He is the author of "Professional Cocoa Application Security", published by Wiley in 2010 and described as a "must read" by someone who isn't even related to him. Graham lives and works in Oxford, UK.

Presentation: War Stories, Part 1

Track: War Stories / Time: Monday 10:35 - 11:35 / Location: Room 102 / 103

It is not enough to succeed. Others must fail.

Have you ever had a bug nagging you for half a year? Have you ever been relieved after half a year of on and off debugging when you finally solved a bug? Did you ever reflect on why it took you so long to solve a bug?

In this presentation speakers will reveal how they solved their worst bug. You will experience old and new technical details that you've never heard about. You will get inspired to learn more.

10-15 min. enlightning talks 

War Story 1: Selenium race condition
Speaker: Yoav Abrahami

War Story 2: Cache miss
Speaker: Itai Hochman

War Story 3: Localisation: "Epic Fejl"
Speaker: Graham Lee   

Presentation: iOS vulnerabilities and fixes

Track: Security - common pitfalls / Time: Tuesday 10:35 - 11:35 / Location: Room 202

Cocoa Touch apps based in Objective-C can contain vulnerabilities from any of the last few decades, from code injection attacks to good old-fashioned C string overflows. In this talk, Graham will examine some of these issues, showing what they - and their fixes - look like in code.

Presentation: Mobile App Security Techniques and Traps

Track: Mobile Technologies: Native + Web / Time: Tuesday 14:05 - 15:05 / Location: KeynoteRoom

As we enter the post-PC era and rely on mobile platforms more for both work and recreation, security becomes an increasingly important consideration for our users. In this talk, I will describe the practice of designing, building and testing a secure mobile app. I will also examine some of the common vulnerabilities encountered in mobile apps, and discuss techniques for mitigation. These techniques will be presented as guidelines independent of the APIs and languages, suitable for developers working with any mobile technology.