Announcing: Mobile App Sec Triathlon, 2-4 Nov 2011, San Jose, CA

We’re pleased to announce that we’re teaming up with Gunnar Peterson at Arctec Group, LLC to deliver our first ever Mobile App Sec Triathlon.

The 3-day heavily hands-on training event will be held 2-4 November 2011 in San Jose, California. See the web site for details:

http://www.mobileappsectriathlon.com

Announcing: iPad/iPhone enterprise management training

Faced with the problem of managing a fleet of iPhones and/or iPads? Well, we’ve added a course to our training catalog that will help you do your job more effectively.

Rolling out a fleet of iPads and iPhones across an entire enterprise is a massive undertaking, and mistakes can be costly. How do you enforce enterprise IT policies for passwords, acceptable software, and so on? Our latest course, Managing the iPad/iPhone in the Enterprise, was built to answer these and many more questions.

The course includes hands-on labs where you’ll analyze off-the-shelf iOS software to determine whether it should be acceptable in an enterprise environment, as well as labs where you’ll learn how to build from scratch a custom configuration profile to enforce your enterprise’s security policies and practices. You’ll also learn how to deploy and centrally (and wirelessly) manage configurations across an entire enterprise fleet of devices.

Open classes in Canberra and Melbourne, Australia

We’ve confirmed several upcoming open enrollment classes in Canberra and Melbourne, Australia. The classes are being organized by our business partner in the region, Saltbush Group, and the schedule is as follows:

1-5 August - Web Application Security In-depth
8 August - Securing the iPad / iPhone in the Enterprise
10-11 August - Developing Bulletproof Apps for the iPad / iPhone

For additional details, please contact us or Saltbush directly.

Announcing: OWASP iGoat 1.0 integrated into KRvW mobile app courseware

Along with the release of the OWASP iGoat tool, KRvW is also announcing that iGoat has been integrated into our popular mobile application courses.

Effective immediately, all students taking our course “The art of building bulletproof iPhone apps” will use the iGoat tool to step through and learn about various iOS security pitfalls and how to avoid them. A 1/2- to 1-day coding lab is also available in which the students implement the necessary remediations to remove the vulnerabilities from each of the exercises included in iGoat.

Contact KRvW Associates for additional information.

Announcing: OWASP iGoat 1.0 released

Last week, we released the OWASP iGoat learning tool under GPLv3 licensing.

The iGoat tool is a learning tool, primarily meant for iOS developers (but also useful to IT security practitioners, security architects, and others who simply want to learn about iOS security). It takes its name and inspiration from the venerable OWASP WebGoat tool.

As in WebGoat, iGoat users explore a number of security weaknesses in iOS by exploiting them first. Then, once each weakness has been explored, the iGoat user must implement a remediation to protect against it and validate that the remediation was successful, similar to the WebGoat Developer Edition.

Hints and other background information are provided, right down to commented solutions in the source code, so that developers can use iGoat as a self-study learning tool to explore and understand iOS weaknesses and how to avoid them.

The iGoat project leader is Ken van Wyk from KRvW Associates, and the lead developer is Sean Eidemiller, also from KRvW Associates. Although we sponsored the initial release here at KRvW, we’re inviting the OWASP community to contribute and participate in this important open source project.

A project mailing list is available through OWASP, and is free and open to all.

Announcing: New Principal Consultant Sean Eidemiller joins KRvW Associates

Today, we have the pleasure of announcing that a new Principal Consultant has joined KRvW Associates, LLC. Sean Eidemiller brings to KRvW his extensive software development experience.

Sean’s software development experience, combined with his experience and knowledge of software security practices, helps KRvW Associates continue to build on its reputation of being a world-class provider of security consulting and training services.

Sean has worked with KRvW Associates over the years on various special projects, so it’s great to bring him on board as a Principal at last.

Announcing: Secure iOS / Android app development classes added

We’re excited to announce today the addition of a pair of new classes to our offerings, covering secure app development for the iOS and Android platforms. See the course description for additional information, or contact us directly for a detailed description of the course outlines and availability.