Mobile security - the challenge of security for mobile applications

Better Software 2012: http://www.bettersoftware.it/conference/talks/mobile-security

Published in: Technology, Business
  1. MOBILE SECURITY: The challenge of security for mobile applications. Francesco Iovine @ Better Software 2012
  2. Breaking news!
  3. August, 6: How Apple and Amazon security flaws led to my epic hacking. Mat Honan / wired.com (Photo by Wired.com)
  4. August, 23: The Role of the National Institute of Standards and Technology in Mobile Security. nist.gov (Photo by freefotouk / Flickr.com)
  5. September, 4: 1 Million Apple ID Numbers Posted by Hackers. arstechnica.com (Photo by raincoaster / Flickr.com)
  6. Mobile SECURITY: Assets, Threats, Risks, Controls
  7. Mobile SECURITY: Assets
  8. Mobile SECURITY: Assets, Threats
  9. Mobile SECURITY: Assets, Threats, Risks
  10. Mobile SECURITY: Assets, Threats, Risks, Controls
  11. Mobile SECURITY: Assets, Threats, Risks, Controls
  12. Database (Photo by Kevin / Flickr.com)
  13. Code (Photo by nikio / Flickr.com)
  14. Device (Photo by ari / Flickr.com)
  15. Money (Photo by 401(K) / Flickr.com)
  16. Mobile SECURITY: Assets, Threats, Risks, Controls
  17. Mobile SECURITY: Assets, Threats, Risks, Controls
  18. Types: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
  19. Attackers: END USER, WEB APPLICATION, BACKEND, ATTACKER, ADMINISTRATOR, ATTACKER (owasp.org)
  20. Web sites App stores Web services Model Cloud storage Corporate networks WEB SMS WIFI/3G Network/VPN Carrier Mobile device Voice Network Corporate Consumer Built-in Malicious APP APP APP APP Peer devices NFC Payments Laptops LIBRARIES OS Laptops Sensors Hardware HARDWARE extensions
  21. Web sites App stores Web services Model Cloud storage Corporate networks WEB SMS WIFI/3G Network/VPN Carrier Mobile device Voice Network Corporate Consumer Built-in Malicious APP APP APP APP Peer devices NFC Payments Laptops LIBRARIES OS Laptops Sensors Hardware HARDWARE extensions
  22. Mobile SECURITY: Assets, Threats, Risks, Controls
  23. Mobile SECURITY: Assets, Threats, Risks, Controls
  24. Design: Which kind of mobile solution? • Native app • Hybrid native-web app • Mobile site • App that contains a mobile site
  25. Data: Which are the sensitive data? • Password • Username • Device ID • Session token
  26. Data: Where are the sensitive data? • Device memory • Code • Network • Cache, log and temp files
  27. Inputs: Which kind of input to trust? • NFC • QR Codes • SMS
  28. Mobile SECURITY: Assets, Threats, Risks, Controls
  29. Mobile SECURITY: Assets, Threats, Risks, Controls
  30. OWASP
  31. Developers (Photo by kk / Flickr.com)
  32. Testers (Photo by sebastian_bergmann / Flickr.com)
  33. Organizations (Photo by swisscan / Flickr.com)
  34. Photo by fargazzi / Flickr.com
  35. Thank you :)
  36. www.francesco.iovine.name, f.iovine@gmail.com, @franciov. Credits: Cinzia Querques, Giuseppe F. Italiano, Simone Onofri, Marco Ramilli