Mobile security - the challenge of security for mobile applications
 


Better Software 2012: http://www.bettersoftware.it/conference/talks/mobile-security


License: CC Attribution-NonCommercial-ShareAlike

    Presentation Transcript

    • MOBILE SECURITY: The challenge of security for mobile applications. Francesco Iovine @ Better Software 2012
    • Breaking news!
    • August, 6: How Apple and Amazon security flaws led to my epic hacking. Mat Honan / wired.com. Photo by Wired.com
    • August, 23: The Role of the National Institute of Standards and Technology in Mobile Security. nist.gov. Photo by freefotouk / Flickr.com
    • September, 4: 1 Million Apple ID Numbers Posted by Hackers. arstechnica.com. Photo by raincoaster / Flickr.com
    • Mobile SECURITY: Assets, Threats, Risks, Controls
    • Mobile SECURITY: Assets
    • Mobile SECURITY: Assets, Threats
    • Mobile SECURITY: Assets, Threats, Risks
    • Mobile SECURITY: Assets, Threats, Risks, Controls
    • Database Photo by Kevin / Flickr.com
    • Code Photo by nikio / Flickr.com
    • Device Photo by ari / Flickr.com
    • Money Photo by 401(K) / Flickr.com
    • Mobile SECURITY: Assets, Threats, Risks, Controls
    • Types: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
    • Attackers (diagram, owasp.org): END USER, WEB APPLICATION, BACKEND, ATTACKER, ADMINISTRATOR, ATTACKER
    • Model (diagram): Web sites, App stores, Web services, Cloud storage, Corporate networks; WEB, SMS, Voice, WIFI/3G, Network/VPN, Carrier Network; Mobile device: Corporate APP, Consumer APP, Built-in APP, Malicious APP, LIBRARIES, OS, HARDWARE; Peer devices, NFC, Payments, Laptops, Sensors, Hardware extensions
    • Mobile SECURITY: Assets, Threats, Risks, Controls
    • Design: Which kind of mobile solution?
        • Native app
        • Hybrid native-web app
        • Mobile site
        • App that contains a mobile site
    • Data: Which are the sensitive data?
        • Password
        • Username
        • Device ID
        • Session token
    • Data: Where are the sensitive data?
        • Device memory
        • Code
        • Network
        • Cache, log and temp files
    • Inputs: Which kind of input to trust?
        • NFC
        • QR Codes
        • SMS
    • Mobile SECURITY: Assets, Threats, Risks, Controls
    • OWASP
    • Developers Photo by kk / Flickr.com
    • Testers Photo by sebastian_bergmann / Flickr.com
    • Organizations Photo by swisscan / Flickr.com
    • Photo by fargazzi / Flickr.com
    • Thank you :)
    • www.francesco.iovine.name, f.iovine@gmail.com, @franciov. Credits: Cinzia Querques, Giuseppe F. Italiano, Simone Onofri, Marco Ramilli