SlideShare a Scribd company logo

'SecureMe - Droid' Android Security Application by Vishal Asthana

Download as PPTX, PDF
OWASP Delhi
OWASP Delhi

OWASP Delhi October Meet - 'SecureMe - Droid' Android Security Application by Vishal Asthana

Technology
1 of 23
SecureMe - Droid
About Us Security Consultant at Security Compass Inc. Active in… • Web, Mobile & Infrastructure Security • Research & Development, IoT (new!) • Quick-n-Dirty coder • Proud OSCP
About Us Director India Ops at Security Compass Inc. • Researching in SDLC and Agile Security • SafeCode TLC representative • Co-leading the Delhi chapters – Null (since March 2014) – OWASP (since June 2014) • Founder member of (ISC)² Delhi Chapter
Where it started?
Where it started?
• SMD: SecureMe – Droid • Android security application • Scan installed/updating apps • NVD CVE database as source SecureMe – Droid Overview
• No other app providing this feature • Some similar ideas: – Android OS security apps – Privacy apps http://cmuchimps.org/ – Trustable – Belarc Birth of SMD
SecureMe – Design Consideration
• Secure by Design – Minimum Android Permissions • Network Access • Boot Completed SecureMe – Design Consideration
• Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data SecureMe – Design Consideration
• Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data – Post scanning actions • Uninstall unsafe app • Update app using Google Play Store • Keep using app – Why not disable app? SecureMe – Design Consideration
• Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data – Post scanning actions • Uninstall unsafe app • Update app using Google Play Store • Keep using app – Why not disable app? – Active over Mobile Data and WiFi SecureMe – Design Consideration
• App Scanning – Pre/Already installed apps – Just installed app – Updated app • Scan depth – Low, Normal, Medium – High, Intense • Scheduled Scan SecureMe Droid Internals
• Install SecureMe Droid – Google Play Store – Download from https://secureme.securitycompass.com/ SMD: Internals
• SecureMe Droid detects – New app installation – Existing app update – Scan any installed app • No sensitive information SMD: Internals (contd.)
• SecureMe Android Client and Server – HTTPS Communication • Find security issues: – NVD CVE database SMD: Internals (contd.)
• SecureMe Scan Results – App is safe  – App is unsafe • Uninstall App • Keep App • Update app using Play Store SMD: Internals (contd.)
• Am I Vulnerable (AIV) • Re-branded to SecureMe – Droid (SMD) • AIV + ReBranding = SMD Where is AIV?
Demo Time
Conclusion • Fun side project • First ever conference acceptance and rollout • You MUST use it and provide feedback! 
Abhineet Jayaraj Security Consultant Vishal Asthana Regional Director, India Operations THANK YOU! abhineet@securitycompass.com vishal@securitycompass.com W W W. S E C U R I T Y C O M PA S S . C O M

Recommended

From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaDevSecCon
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 
SC conference - Building AppSec Teams
SC conference - Building AppSec TeamsSC conference - Building AppSec Teams
SC conference - Building AppSec TeamsDinis Cruz
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 

Recommended

From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaDevSecCon
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 
SC conference - Building AppSec Teams
SC conference - Building AppSec TeamsSC conference - Building AppSec Teams
SC conference - Building AppSec TeamsDinis Cruz
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak
Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak
Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak Directorate of Information Security | Ditjen Aptika
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevSecCon
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...LINE Corporation
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. KailShifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. KailDevSecCon
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsKevin Fealey
 
Owasp summit 2017
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017 Dinis Cruz
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012Nick Galbreath
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0Dinis Cruz
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSEric Smalling
 
DevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatopsDevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatopsDevSecCon
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfiantoidsecconf
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneweaveraaaron
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsAlert Logic
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouSBWebinars
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of ITCloudPassage
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDSparsh Raj
 
The Teams Behind DevSecOps
The Teams Behind DevSecOps The Teams Behind DevSecOps
The Teams Behind DevSecOps Uleska
 
Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)Ontico
 
Testing Android Security
Testing Android SecurityTesting Android Security
Testing Android SecurityJose Manuel Ortega Candel
 

More Related Content

What's hot

Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevSecCon
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...LINE Corporation
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. KailShifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. KailDevSecCon
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsKevin Fealey
 
Owasp summit 2017
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017 Dinis Cruz
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012Nick Galbreath
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0Dinis Cruz
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSEric Smalling
 
DevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatopsDevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatopsDevSecCon
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfiantoidsecconf
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneweaveraaaron
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsAlert Logic
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouSBWebinars
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of ITCloudPassage
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDSparsh Raj
 
The Teams Behind DevSecOps
The Teams Behind DevSecOps The Teams Behind DevSecOps
The Teams Behind DevSecOps Uleska
 

What's hot (20)

Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak
Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak
Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter Chestna
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. KailShifting left – embedding security into the devops pipeline by Mike d. Kail
Shifting left – embedding security into the devops pipeline by Mike d. Kail
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security Tools
 
Owasp summit 2017
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
 
DevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatopsDevSecCon Asia 2017 Arun N: Securing chatops
DevSecCon Asia 2017 Arun N: Securing chatops
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, sane
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATED
 
The Teams Behind DevSecOps
The Teams Behind DevSecOps The Teams Behind DevSecOps
The Teams Behind DevSecOps
 

Viewers also liked

Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)Ontico
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Ormiston education
Ormiston educationOrmiston education
Ormiston educationJack740
 
Select 4pets
Select 4petsSelect 4pets
Select 4petsJack740
 
CEREC 30
CEREC 30CEREC 30
CEREC 30Lalamay
 
Presentation at the USP VC L&T Forum
Presentation at the USP VC L&T ForumPresentation at the USP VC L&T Forum
Presentation at the USP VC L&T ForumEroni Racule
 
досвід людської особи
досвід людської особидосвід людської особи
досвід людської особиbiblioteka_c
 
集計(暫定版_第1弾調査)
集計(暫定版_第1弾調査)集計(暫定版_第1弾調査)
集計(暫定版_第1弾調査)Uran Bird
 
Learning how to learn
Learning how to learnLearning how to learn
Learning how to learnmanuj1212
 
ThursdayNightBytesF2
ThursdayNightBytesF2ThursdayNightBytesF2
ThursdayNightBytesF2John Perry
 
Antenille’s Statistical Analysis
Antenille’s Statistical AnalysisAntenille’s Statistical Analysis
Antenille’s Statistical Analysisantenille
 
Public business law
Public business lawPublic business law
Public business lawJack740
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)OWASP Delhi
 

Viewers also liked (16)

Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)Security in Android Applications / Александр Смирнов (RedMadRobot)
Security in Android Applications / Александр Смирнов (RedMadRobot)
 
Testing Android Security
Testing Android SecurityTesting Android Security
Testing Android Security
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 
Android security
Android securityAndroid security
Android security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Ormiston education
Ormiston educationOrmiston education
Ormiston education
 
Select 4pets
Select 4petsSelect 4pets
Select 4pets
 
CEREC 30
CEREC 30CEREC 30
CEREC 30
 
Presentation at the USP VC L&T Forum
Presentation at the USP VC L&T ForumPresentation at the USP VC L&T Forum
Presentation at the USP VC L&T Forum
 
досвід людської особи
досвід людської особидосвід людської особи
досвід людської особи
 
集計(暫定版_第1弾調査)
集計(暫定版_第1弾調査)集計(暫定版_第1弾調査)
集計(暫定版_第1弾調査)
 
Learning how to learn
Learning how to learnLearning how to learn
Learning how to learn
 
ThursdayNightBytesF2
ThursdayNightBytesF2ThursdayNightBytesF2
ThursdayNightBytesF2
 
Antenille’s Statistical Analysis
Antenille’s Statistical AnalysisAntenille’s Statistical Analysis
Antenille’s Statistical Analysis
 
Public business law
Public business lawPublic business law
Public business law
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)
 

Similar to 'SecureMe - Droid' Android Security Application by Vishal Asthana

Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous IntegrationStephen de Vries
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...tdc-globalcode
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
Level up your security using Intune.pptx
Level up your security using Intune.pptxLevel up your security using Intune.pptx
Level up your security using Intune.pptxUdaiappa Ramachandran
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Advanced monitoring
 
Snyk investor deck late 2015 short
Snyk investor deck late 2015 shortSnyk investor deck late 2015 short
Snyk investor deck late 2015 shortEd Sim
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines Abdul_Mujeeb
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDefconRussia
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityStephen de Vries
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseSeth Law
 
SIEM-plifying security monitoring: A different approach to security visibility
SIEM-plifying security monitoring: A different approach to security visibilitySIEM-plifying security monitoring: A different approach to security visibility
SIEM-plifying security monitoring: A different approach to security visibilityAlienVault
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
Securing the hybrid environment with Microsoft Cloud App Security
Securing the hybrid environment with Microsoft Cloud App SecuritySecuring the hybrid environment with Microsoft Cloud App Security
Securing the hybrid environment with Microsoft Cloud App SecurityMatt Fooks
 

Similar to 'SecureMe - Droid' Android Security Application by Vishal Asthana (20)

Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 
Level up your security using Intune.pptx
Level up your security using Intune.pptxLevel up your security using Intune.pptx
Level up your security using Intune.pptx
 
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
Юрий Чемёркин (Yury Chemerkin) Owasp russia 2016
 
Snyk investor deck late 2015 short
Snyk investor deck late 2015 shortSnyk investor deck late 2015 short
Snyk investor deck late 2015 short
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
 
Android Security
Android SecurityAndroid Security
Android Security
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-Security
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security Webinar
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and Defense
 
SIEM-plifying security monitoring: A different approach to security visibility
SIEM-plifying security monitoring: A different approach to security visibilitySIEM-plifying security monitoring: A different approach to security visibility
SIEM-plifying security monitoring: A different approach to security visibility
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Securing the hybrid environment with Microsoft Cloud App Security
Securing the hybrid environment with Microsoft Cloud App SecuritySecuring the hybrid environment with Microsoft Cloud App Security
Securing the hybrid environment with Microsoft Cloud App Security
 

More from OWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeoverOWASP Delhi
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report WritingOWASP Delhi
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air GapOWASP Delhi
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container EscapesOWASP Delhi
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using TerraformOWASP Delhi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
Cloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelCloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelOWASP Delhi
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraOWASP Delhi
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraOWASP Delhi
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraOWASP Delhi
 

More from OWASP Delhi (20)

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report Writing
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
 
UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
 
Cloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelCloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash Goel
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

'SecureMe - Droid' Android Security Application by Vishal Asthana

  • 2. About Us Security Consultant at Security Compass Inc. Active in… • Web, Mobile & Infrastructure Security • Research & Development, IoT (new!) • Quick-n-Dirty coder • Proud OSCP
  • 3. About Us Director India Ops at Security Compass Inc. • Researching in SDLC and Agile Security • SafeCode TLC representative • Co-leading the Delhi chapters – Null (since March 2014) – OWASP (since June 2014) • Founder member of (ISC)² Delhi Chapter
  • 6.
  • 7. • SMD: SecureMe – Droid • Android security application • Scan installed/updating apps • NVD CVE database as source SecureMe – Droid Overview
  • 8. • No other app providing this feature • Some similar ideas: – Android OS security apps – Privacy apps http://cmuchimps.org/ – Trustable – Belarc Birth of SMD
  • 9. SecureMe – Design Consideration
  • 10. • Secure by Design – Minimum Android Permissions • Network Access • Boot Completed SecureMe – Design Consideration
  • 11. • Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data SecureMe – Design Consideration
  • 12. • Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data – Post scanning actions • Uninstall unsafe app • Update app using Google Play Store • Keep using app – Why not disable app? SecureMe – Design Consideration
  • 13. • Secure by Design – Minimum Android Permissions • Network Access • Boot Completed – Not accessing sensitive data – Post scanning actions • Uninstall unsafe app • Update app using Google Play Store • Keep using app – Why not disable app? – Active over Mobile Data and WiFi SecureMe – Design Consideration
  • 14. • App Scanning – Pre/Already installed apps – Just installed app – Updated app • Scan depth – Low, Normal, Medium – High, Intense • Scheduled Scan SecureMe Droid Internals
  • 15. • Install SecureMe Droid – Google Play Store – Download from https://secureme.securitycompass.com/ SMD: Internals
  • 16. • SecureMe Droid detects – New app installation – Existing app update – Scan any installed app • No sensitive information SMD: Internals (contd.)
  • 17. • SecureMe Android Client and Server – HTTPS Communication • Find security issues: – NVD CVE database SMD: Internals (contd.)
  • 18. • SecureMe Scan Results – App is safe  – App is unsafe • Uninstall App • Keep App • Update app using Play Store SMD: Internals (contd.)
  • 19.
  • 20. • Am I Vulnerable (AIV) • Re-branded to SecureMe – Droid (SMD) • AIV + ReBranding = SMD Where is AIV?
  • 22. Conclusion • Fun side project • First ever conference acceptance and rollout • You MUST use it and provide feedback! 
  • 23. Abhineet Jayaraj Security Consultant Vishal Asthana Regional Director, India Operations THANK YOU! abhineet@securitycompass.com vishal@securitycompass.com W W W. S E C U R I T Y C O M PA S S . C O M

Editor's Notes

  1. Here we are to present SecureMe Droid
  2. Abhineet introduction
  3. Vishal introduction
  4. Vishal came up with this project so why don’t you share it with all.
  5. Vishal came up with this project so why don’t you share it with all.
  6. This is what we will be showing you today and this is what I want to happen in the end of this talk. Have SecureMe on all your Android devices.
  7. Light description of SMD and its purpose. CVE is a vendor agnostic and trustworthy database of vulnerabilities in products. Used in different domains of InfoSec.
  8. At the time of development we looked for any other app which might give similar functionality but couldn’t find any. Checked similar apps (from list) but not satisfied our need so SMD born.
  9. How many of the Android users are familiar with this image Battery app is trying to access my phone calls, send sms, etc
  10. It is coded in such a manner that the app uses least perms which helps in privacy and reducing attack surface. Secure by design: min perm, no sensitive info, post scanning modules, scan over wifi & mobile data
  11. Security by design: min perm, no sensitive info, post scanning modules, scan over wifi & mobile data
  12. 3 options for user to choose from. “Disable app” requires Device Admin permissions which we wanted to avoid asking for from user. Secure by Design.
  13. Android does not auto update apps over Mobile Data. It will notify user but not auto update. Security by design: min perm, no sensitive info, post scanning modules, scan over wifi & mobile data
  14. Helping secure the device by giving user option to uninstall the app right from SMD interface Scan depth setting for NVD CVE database. Low scanning depth will miss any past vulnerability. Setting has to be done by the user. Scheduled Scan for auto scanning and notifying user.
  15. Install SMD from mentioned locations.
  16. App data gathering and no sensitive information
  17. Secure client server communication. Check CVE database (already downloaded)
  18. Send scan results to user for action
  19. Putting it all together
  20. AIV and marketing and Nish
  21. Show SMD demo
  22. Conclude SMD talk
  23. Thank you and contact us