Mobile security - the challenge of security for mobile applications
Better Software 2012: http://www.bettersoftware.it/conference/talks/mobile-security


Published in Technology, Business

Transcript

  • 1. MOBILE SECURITY: The challenge of security for mobile applications. Francesco Iovine @ Better Software 2012
  • 2. Breaking news!
  • 3. August, 6: How Apple and Amazon security flaws led to my epic hacking. Mat Honan / wired.com. Photo by Wired.com
  • 4. August, 23: The Role of the National Institute of Standards and Technology in Mobile Security. nist.gov. Photo by freefotouk / Flickr.com
  • 5. September, 4: 1 Million Apple ID Numbers Posted by Hackers. arstechnica.com. Photo by raincoaster / Flickr.com
  • 6. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 7. Mobile SECURITY: Assets
  • 8. Mobile SECURITY: Assets, Threats
  • 9. Mobile SECURITY: Assets, Threats, Risks
  • 10. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 11. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 12. Database Photo by Kevin / Flickr.com
  • 13. Code Photo by nikio / Flickr.com
  • 14. Device Photo by ari / Flickr.com
  • 15. Money Photo by 401(K) / Flickr.com
  • 16. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 17. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 18. Types: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
  • 19. Attackers (diagram labels): END USER; WEB APPLICATION; BACKEND; ATTACKER; ADMINISTRATOR; ATTACKER. owasp.org
  • 20. Model (diagram labels): Web sites; App stores; Web services; Cloud storage; Corporate networks; WEB; SMS; WIFI/3G; Network/VPN; Carrier Network; Voice; Mobile device; Corporate, Consumer, Built-in and Malicious APPs; Peer devices; NFC; Payments; Laptops; LIBRARIES; OS; Sensors; HARDWARE; Hardware extensions
  • 21. Model (diagram labels): Web sites; App stores; Web services; Cloud storage; Corporate networks; WEB; SMS; WIFI/3G; Network/VPN; Carrier Network; Voice; Mobile device; Corporate, Consumer, Built-in and Malicious APPs; Peer devices; NFC; Payments; Laptops; LIBRARIES; OS; Sensors; HARDWARE; Hardware extensions
  • 22. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 23. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 24. Design: Which kind of mobile solution? Native app; Hybrid native-web app; Mobile site; App that contains a mobile site
  • 25. Data: Which are the sensitive data? Password; Username; Device ID; Session token
  • 26. Data: Where are the sensitive data? Device memory; Code; Network; Cache, log and temp files
  • 27. Inputs: Which kind of input to trust? NFC; QR Codes; SMS
  • 28. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 29. Mobile SECURITY: Assets, Threats, Risks, Controls
  • 30. OWASP
  • 31. Developers Photo by kk / Flickr.com
  • 32. Testers Photo by sebastian_bergmann / Flickr.com
  • 33. Organizations Photo by swisscan / Flickr.com
  • 34. Photo by fargazzi / Flickr.com
  • 35. Thank you :)
  • 36. www.francesco.iovine.name, f.iovine@gmail.com, @franciov. Credits: Cinzia Querques, Giuseppe F. Italiano, Simone Onofri, Marco Ramilli