DUTCH MOBILE .NET DEVELOPERS
XAMARIN REVOLVE16
Agenda
• OWASP Mobile Security Threats
• Enterprise Mobility Suite (Intune)
• Intune SDK
• OWASP Mobile Security Threats
The Open Web Application Security Project
• OWASP Top 10
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
• OWASP Top 10 for Mobile 2014
https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks
• OWASP Top 10 for Mobile 2016 RC
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
OWASP Top 10 for Mobile 2016 RC
• M1 – Improper Platform Usage
• M2 – Insecure Data Storage
• M3 – Insecure Communication
• M4 – Insecure Authentication
• M5 – Insufficient Cryptography
• M6 – Insecure Authorization
• M7 – Client Code Quality
• M8 – Code Tampering
• M9 – Reverse Engineering
• M10 – Extraneous Functionality
Mobile Security Threats Percentages
• Enterprise Mobility Suite
Enterprise Mobility Vision
Microsoft Intune
Main capabilities:
• Mobile Device Management (MDM)
• Mobile Application Management (MAM)
• Mobile Application Security
Intune in Microsoft App Development stack
Common scenarios
• Securing your on-premises email and collaboration infrastructure so that it can be accessed by mobile devices and apps on the Internet
• Enabling your organization to issue hardware to its employees
• Enabling your organization to implement a secure “Bring Your Own Device (BYOD)” or personal-device strategy
Demo
• Add user
• Enable device management
• Create a policy
• Intune SDK
Intune SDK Possibilities
• Manage different parts of the app with Microsoft Intune
• Available for iOS, Android, Xamarin (Forms) & Cordova
• Easy to integrate into an existing app
• Once activated, protects corporate data
How it works
• The SDK is in the app.
• Intune sends policies to the app.
• Based on these policies the SDK might change the behavior.
• The SDK will do nothing if the device or app is not managed.
Control users’ ability to move documents
Configure clipboard restrictions
Configure screen capture restrictions
Enforce encryption on saved data
Remotely wipe corporate data
Enforce the use of a managed browser
Enforce a PIN policy
Require users to enter credentials
Check device health and compliance
Different Management configurations
SDK can work with:
• Mobile Device Management (MDM)
• Devices without MDM (MAM)
Demo
• Enable the Intune SDK in iOS
Where to go from here
Xamarin Evolve Sessions:
• Addressing the OWASP Mobile Security Threats Using Xamarin
https://evolve.xamarin.com/session/56e1ff1efd00c0253cae339e
• Enterprise Mobility: Keep It Safe
https://evolve.xamarin.com/session/56ec8771790aae283cca279e
• Think Like a Hacker!
https://evolve.xamarin.com/session/56ec3cd4de91c6253c277bc0
Trial accounts:
• Getting started with Enterprise Mobility Suite
https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx
• Start with Microsoft Intune
https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/default.aspx
• Azure Active Directory federation compatibility list
https://msdn.microsoft.com/en-us/library/azure/jj679342.aspx
Questions?
ENGINEER YOUR FUTURE TODAY
www.macaw.nl

Mobile Security - Dutch Mobile .Net Developers

Editor's Notes

  1. Recently went to Xamarin Evolve with Vincent Hoogendoorn. Attended several sessions, among them on security, because I think this is becoming an increasingly important part of the software development process. Not only because of our apps, but certainly also because of all the IoT devices that are coming and for which secure software has to be written. Agenda: create awareness; EMS, Microsoft's vision on Enterprise Mobility (MDM); the Intune SDK as MAM, where Intune is the management tool for both MDM and MAM.
  2. This part is mainly meant to create some awareness, so we will not go into detail on every item; each item could be a session on its own. Question: who of us are app developers? Question: who thinks their apps are secure? Optional: who knows their apps are secure? As app developers we are confident that our apps are secure, but we do not know this for certain until it has been demonstrated.
  3. Question: who is familiar with OWASP? I got to know OWASP at my previous employer, where a colleague of mine made a large contribution to the project. At the time it was about web. Since 2014 there has been a mobile version. The current production version is 2014, but there is a Release Candidate list for 2016.
  4. The people from Arxan (an application protection company), who among other things gave the 'Think like a hacker' session, produced a report showing that 92 percent of financial apps failed to address at least 2 of these points. 8 items on this list were already on the 2014 list, and you might ask why they are still there two years later: having to deliver quickly, dealing with deadlines; insufficient testing, too little or too late; malware in apps or on devices, jailbroken or rooted devices on a corporate network; lower security budgets for mobile devices, possibly because the business thinks there is less chance of damage being done via a mobile device; too little expertise and too few policies.
  5. Not using platform features correctly, or not using the platform's security capabilities at all.
  6. Concerns data at rest: SQL databases, log files, XML data stores / manifest files, binary data stores, the SD card, cloud-synced folders.
7. This is about the exchange of data between the app and the server:
• SSL certificate validity
• Poor handshaking
• Incorrect SSL versions
• Weak negotiation
• Cleartext communication of sensitive assets (MAC address, IP address)
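An added illustration (not from the slides) of how a Xamarin/.NET client can address these points with the managed HttpClientHandler: the platform's own chain and hostname validation is kept, a public-key pin is checked on top of it, the TLS version is fixed, and cleartext URLs are refused before a request is built. The class and method names are hypothetical and the pin value is a placeholder that has to be replaced by the hash of your own server's public key. Xamarin's native handlers (NSUrlSessionHandler, AndroidClientHandler) have their own hooks and are not covered here.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for a Xamarin/.NET client (added example, not from the slides).
public static class HardenedHttp
{
    // Base64 SHA-256 over the server certificate's public key bytes.
    // PLACEHOLDER: compute this for your own server certificate with PublicKeyHash()
    // and bake it into the app at build time. Keep a second pin for the backup key.
    public const string PinnedPublicKeyHash = "PLACEHOLDER_BASE64_SHA256_OF_SERVER_PUBLIC_KEY";

    public static HttpClient Create()
    {
        // "Incorrect SSL versions" / "weak negotiation": allow only TLS 1.2, so nothing on the
        // path can negotiate the connection down to SSL 3.0 or TLS 1.0.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = ValidateServerCertificate
        };
        return new HttpClient(handler);
    }

    // "Cleartext communication": refuse to build a request to anything but https://.
    public static Uri RequireHttps(string url)
    {
        var uri = new Uri(url);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Cleartext transport refused for " + uri);
        return uri;
    }

    // "SSL certificate validity": keep the platform's verdict (chain, hostname, expiry) and
    // add the pin on top. A pin is an extra check; it must never be used to override errors.
    private static bool ValidateServerCertificate(
        HttpRequestMessage request, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None || certificate == null)
            return false;
        return PublicKeyHash(certificate) == PinnedPublicKeyHash;
    }

    // Pinning the public key instead of the whole certificate survives a renewal that keeps the key.
    public static string PublicKeyHash(X509Certificate2 certificate)
    {
        using (var sha256 = SHA256.Create())
            return Convert.ToBase64String(sha256.ComputeHash(certificate.GetPublicKey()));
    }
}
```

Usage: `var client = HardenedHttp.Create(); var response = await client.GetAsync(HardenedHttp.RequireHttps(url));`. A wrong or expired pin makes every request fail, so the pin set must be rotated together with the server key and the app must be released before the old key is retired.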
8. You sometimes see that the app is a replacement for the web app. In that case make sure you authenticate in the same way as in the browser: it should not be possible to work on mobile with fewer authentication factors than in the browser. Tip: never use a device identifier (UDID, IP, MAC address, IMEI) to identify a session. Not only because it is unwise, but in some regions it is not even legally permitted.
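An added example (not from the slides, hypothetical names) of what the tip means on the server side of the app: a session is identified by a random token the server issues after authentication, not by anything that identifies the hardware. The insecure variant is shown only for contrast.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical server-side session store (added example, not from the slides).
public sealed class SessionStore
{
    private sealed class Session
    {
        public string User;
        public DateTime ExpiresUtc;
    }

    private readonly ConcurrentDictionary<string, Session> _sessions =
        new ConcurrentDictionary<string, Session>(StringComparer.Ordinal);
    private readonly TimeSpan _lifetime;

    public SessionStore(TimeSpan lifetime)
    {
        _lifetime = lifetime;
    }

    // What the slide warns against: a UDID, IMEI, IP or MAC address is static, shared by every
    // app on the device, often visible on the network, and can be neither rotated nor revoked.
    // Whoever learns it holds the "session" for the lifetime of the hardware.
    public string IssueSessionInsecure(string user, string deviceIdentifier)
    {
        _sessions[deviceIdentifier] = new Session { User = user, ExpiresUtc = DateTime.MaxValue };
        return deviceIdentifier;
    }

    // Hardened: a 256-bit token from the CSPRNG, bound to the authenticated user, with an
    // expiry, and revocable. It carries no information about the user or the device.
    public string IssueSession(string user)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _sessions[token] = new Session { User = user, ExpiresUtc = DateTime.UtcNow.Add(_lifetime) };
        return token;
    }

    // Every request re-checks the token on the server; an expired token is dropped on sight.
    public bool TryResolve(string token, out string user)
    {
        user = null;
        Session session;
        if (token == null || !_sessions.TryGetValue(token, out session))
            return false;
        if (DateTime.UtcNow >= session.ExpiresUtc)
        {
            _sessions.TryRemove(token, out session);
            return false;
        }
        user = session.User;
        return true;
    }

    // Logout or suspected compromise: invalidate without touching the device.
    public bool Revoke(string token)
    {
        Session removed;
        return _sessions.TryRemove(token, out removed);
    }
}
```

The token is only as good as its transport: it has to travel over the hardened HTTPS channel from the previous slide and be stored on the device in the platform keychain, never in a plain preference file or log line.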
9. Store only the data you actually need. Make sure the secret key is protected against unauthorized access (in the keychain, for example). If you want to use hardware information you can, but never this information on its own. Combine it with:
• something the user enters themselves
• something that is never on the device
Example: mobile banking apps.
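An added example (not from the slides, hypothetical names) that puts the three factors together and uses the result to protect a record at rest, so it also serves the data-at-rest slide above. It assumes the per-user `serverSecret` is fetched over the authenticated connection after login and held only in memory, and that only the `salt` and the protected blob are written to the local store; the derived key is never persisted, so neither the hardware identifier nor a copy of the app directory alone is enough to decrypt.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical vault for a record stored locally (added example, not from the slides).
public static class LocalVault
{
    private const int Iterations = 100000;   // PBKDF2 work factor; tune to the target devices
    private const int KeyBytes = 32;         // AES-256 key, and separately an HMAC-SHA256 key
    private const int TagBytes = 32;         // HMAC-SHA256 output
    private const int IvBytes = 16;          // AES block size

    // Three factors: something the user types (PIN), something that is never on the device
    // (a per-user secret the server hands out after authentication) and the hardware identifier.
    // None of the three alone reproduces the key, which is what the slide asks for.
    public static byte[] DeriveKeyMaterial(string userPin, byte[] serverSecret, string deviceIdentifier, byte[] salt)
    {
        var typed = Encoding.UTF8.GetBytes(userPin + "\n" + deviceIdentifier + "\n");
        var password = Concat(typed, serverSecret);
        try
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(KeyBytes * 2);   // first half encrypts, second half authenticates
        }
        finally
        {
            Array.Clear(password, 0, password.Length);
        }
    }

    // A fresh random salt per record, stored next to the blob; it is not secret.
    public static byte[] NewSalt()
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt;
    }

    // Encrypt-then-MAC: AES-CBC with a fresh IV, then HMAC-SHA256 over IV || ciphertext.
    // Layout of the blob written to disk: IV | ciphertext | tag.
    public static byte[] Protect(byte[] keyMaterial, byte[] plaintext)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Slice(keyMaterial, 0, KeyBytes);
            aes.GenerateIV();
            byte[] ciphertext;
            using (var encryptor = aes.CreateEncryptor())
                ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
            var body = Concat(aes.IV, ciphertext);
            using (var hmac = new HMACSHA256(Slice(keyMaterial, KeyBytes, KeyBytes)))
                return Concat(body, hmac.ComputeHash(body));
        }
    }

    // Returns null when the tag does not verify: a tampered or foreign blob is never decrypted.
    public static byte[] Unprotect(byte[] keyMaterial, byte[] blob)
    {
        if (blob == null || blob.Length < IvBytes * 2 + TagBytes)   // IV, one cipher block, tag
            return null;
        var body = Slice(blob, 0, blob.Length - TagBytes);
        var tag = Slice(blob, blob.Length - TagBytes, TagBytes);
        using (var hmac = new HMACSHA256(Slice(keyMaterial, KeyBytes, KeyBytes)))
        {
            if (!FixedTimeEquals(hmac.ComputeHash(body), tag))
                return null;
        }
        using (var aes = Aes.Create())
        {
            aes.Key = Slice(keyMaterial, 0, KeyBytes);
            aes.IV = Slice(body, 0, IvBytes);
            using (var decryptor = aes.CreateDecryptor())
                return decryptor.TransformFinalBlock(body, IvBytes, body.Length - IvBytes);
        }
    }

    // Compare without an early exit so the tag cannot be guessed byte by byte through timing.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        var diff = 0;
        for (var i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    private static byte[] Slice(byte[] source, int offset, int count)
    {
        var result = new byte[count];
        Buffer.BlockCopy(source, offset, result, 0, count);
        return result;
    }

    private static byte[] Concat(byte[] a, byte[] b)
    {
        var result = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, result, 0, a.Length);
        Buffer.BlockCopy(b, 0, result, a.Length, b.Length);
        return result;
    }
}
```

If the app needs to cache the server secret between sessions at all, that cached copy is the "secret key" the slide says belongs in the keychain; the PIN is never written anywhere.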
10. You are who you are and you may do what you may do, but do not leave it at that. If you want to be more secure, check this again on the server for every request. You cannot assume that a device has not been compromised.
11. Both concern the possibility of dynamically changing the behaviour of the app. For people who are well versed in this subject (and they exist!) that need not be difficult. More information can be found in the 'Think like a hacker' session.
12. This is all about decompiling the binary files. Suppose you go for maximum code sharing and then distribute the app to Windows, iOS & Android. It is not that hard to obtain the apk, look inside it (it is a zip file), take the binary, run it through a decompiler and so learn about the implementation on the other platforms as well.
13. New on the list in 2016. Concerns things in the app that do not belong there (by accident or deliberately): workarounds that switch off certain checks during development, are not caught by any test, and get shipped by accident. So make sure there are always enough tests that check the security.
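An added example (not from the slides) of the pattern this note asks for: a development-only bypass that cannot exist in a Release build, next to tests that fail when a security check has been switched off. Names are hypothetical; the tests use NUnit, which the Xamarin test runners support.

```csharp
using NUnit.Framework;

// Hypothetical app code (added example, not from the slides).
public static class DeviceIntegrityGate
{
    // The only sanctioned place for a development workaround. In Release the property does
    // not merely default to false: the setter does not exist, so no forgotten line of
    // configuration can flip it.
#if DEBUG
    public static bool SkipIntegrityCheck { get; set; }
#else
    public static bool SkipIntegrityCheck { get { return false; } }
#endif

    // Decision the app takes before showing corporate data. 'deviceIsRooted' would come from
    // the platform's root/jailbreak detection; it is a parameter here so the gate can be tested.
    public static bool MayShowCorporateData(bool deviceIsRooted)
    {
        if (SkipIntegrityCheck)
            return true;
        return !deviceIsRooted;
    }
}

// Tests that run on every build in the pipeline, not only in a developer's sandbox.
[TestFixture]
public class ExtraneousFunctionalityTests
{
    [Test]
    public void Release_build_has_no_bypass_compiled_in()
    {
        // Fails the pipeline if the Debug-only setter leaked into a Release configuration.
        var property = typeof(DeviceIntegrityGate).GetProperty("SkipIntegrityCheck");
        Assert.IsNotNull(property);
#if DEBUG
        Assert.IsTrue(property.CanWrite, "Debug build should expose the bypass setter");
#else
        Assert.IsFalse(property.CanWrite, "Release build must not expose a bypass setter");
        Assert.IsFalse(DeviceIntegrityGate.SkipIntegrityCheck);
#endif
    }

    [Test]
    public void Rooted_device_is_refused_when_bypass_is_off()
    {
#if DEBUG
        DeviceIntegrityGate.SkipIntegrityCheck = false;
#endif
        Assert.IsFalse(DeviceIntegrityGate.MayShowCorporateData(deviceIsRooted: true));
        Assert.IsTrue(DeviceIntegrityGate.MayShowCorporateData(deviceIsRooted: false));
    }
}
```

The same two tests apply to any other check a developer might be tempted to disable locally, such as certificate pinning or the PIN prompt: one test proves the switch is gone from the shipped build, the other proves the check itself still refuses what it should.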
14. To get some idea of how often these threats occur. You could use this as a guide for deciding which ones to address first. Note: this concerns the 2014 list; the 2016 figures will be available soon.
15. The Enterprise Mobility Suite is Microsoft's vision on Enterprise Mobility: a completely integrated set of tools and services for the enterprise, including productivity (Office 365), identity, access control, management and data protection.
16. The Enterprise Mobility Suite offers capabilities for:
• Identity management by means of Azure Active Directory Premium
• Mobile Device Management
• Mobile Application Management
• Data protection
17. Microsoft Intune is the "management arm" of the Microsoft Enterprise Mobility Suite (EMS). Main capabilities:
• Enrolling devices so that you can roll them out, configure them, monitor them and take actions such as wiping
• Publishing, pushing, configuring, securing, monitoring and updating apps
• As part of managing an app, Intune can protect data by isolating personal data from corporate data and selectively removing the latter
18. To get an idea of where Intune sits within app development.
19. Common scenarios:
• Securing on-premises email & data so they can be accessed securely from mobile devices
• Issuing corporate hardware to information workers
• Providing a BYOD programme for all employees
20. Set up users. Enable Device Management: choose 'Set Mobile Device Management Authority'. For iOS there are some extra steps:
1 - Download the 'APNs Certificate Request for Intune'.
2 - Go to the 'Apple Push Certificates Portal' and create a new APN certificate by uploading the request file.
3 - Upload the APN certificate you created in the portal, using the correct Apple ID.
Create a policy. You have the option to create Resource Access Profiles such as VPN & Wi-Fi for Android, iOS, Windows & Windows Phone, but that is beyond the scope of this demo. Create a Baseline Mobile Device Security Policy that will be applied to the devices enrolled in Intune.
21. History of the Intune SDK. It originally came from the Office team, whose vision was to run the desktop apps securely on mobile devices. They then looked at what else was possible and baked it into third-party apps (Box and other well-known apps). With the experience gained, an SDK was first built for native iOS & Android apps, then extended with cross-platform support for Xamarin (Forms) & Cordova. This component is not yet available but will arrive in the component store with Release Cycle 7.
22. Allows parts of the app to be managed with Microsoft Intune. Available for iOS, Android, Xamarin (Forms) & Cordova. Easy to integrate into an existing app: most parts can be integrated without having to change the app's behaviour. Once activated for an app, you can set restrictions in Intune so that your corporate data is protected.
23. Policies currently available for the Intune SDK. Control over moving corporate documents: you can set a policy to ensure that certain data, for example, may not be backed up to the cloud.
24. Control over the clipboard: you can set a policy to ensure that data cannot be copied/pasted from a managed app into an unmanaged app.
25. Control over screenshots: you can set a policy to ensure that no screenshots can be taken of managed apps. NOTE: currently only available for Android!
26. Enforcing data encryption: you can set a policy to ensure that encryption of the data is enforced.
27. Removing corporate data. As soon as an app becomes unmanaged through Intune, its data can be removed. This can be done per identity, so that only the data belonging to that identity is removed. For this the app has to be modified: it must determine the identity from the user settings. Otherwise the entire app directory is removed and the user is informed of this.
28. Enforcing a managed browser: you can set a policy to ensure that links in a managed app are opened in an Intune managed browser.
29. Enforcing a PIN: you can set a policy to ensure that a PIN must be entered when the app starts. This ensures that the user signed in to Intune is the same person using the app. When the PIN is set up, the Intune SDK uses Azure Active Directory to verify the user's credentials against the credentials used when the device was enrolled in Intune.
30. Enforcing credentials: you can set a policy to ensure that the user must provide their credentials when starting a managed app. The Intune SDK uses Azure Active Directory to create a Single Sign-On experience, so that the same credentials are reused the next time the user logs on. Support for authentication through federated identity is also present (limited!).
31. Checking device status and compliance: the status of the device and its compliance with corporate policies can be checked before a managed app starts. On iOS this policy checks whether the device is jailbroken, on Android whether it is rooted.
32. The way this usually works is that you download an app, a certificate is installed and the device is thereby managed. BYOD is a good example. Many people want to be productive on the device they feel suits them best, but for all kinds of reasons they do not want that device to be managed by the company, while they do want the corporate data on it to be protected.