Transcript of "Praetorian Veracode Webinar - Mobile Privacy"
OWASP Mobile Top 10 List
1. Insecure or unnecessary client-side data storage
2. Lack of data protection in transit
3. Personal data leakage
4. Failure to protect resources with strong authentication
5. Failure to implement least privilege authorization policy
6. Client-side injection
7. Client-side DOS
8. Malicious third-party code
9. Client-side buffer overflow
10. Failure to apply server-side controls
Static Analysis
Analysis of software performed without actually executing the program
Full coverage of the entire source or binary
In theory, having full application knowledge can reveal a wider range of bugs and vulnerabilities than the “trial and error” of dynamic analysis
Impossible to identify vulnerabilities based on system configuration that exist only in the deployment environment