Originally presented August 23, 2018
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez takes a deeper look at security updates for Android including learnings from Android 8, what to expect for Android 9, and the implications for mobile app security.
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
Originally Presenter October 18, 2018
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Building a Mobile App Pen Testing BlueprintNowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+Tips and tricks for targeting common issues
+The best tools for the job
+How to document findings to close the loop on vulnerabilities.
A Risk-Based Mobile App Security Testing StrategyNowSecure
Originally presented on September 19, 2018
Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy.
Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
Debunking the Top 5 Myths About Mobile AppSecNowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Watch the webinar: http://bit.ly/2DBHt7M
Watch this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureNowSecure
Originally Recorded March 18, 2020
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Originally Recorded July 19, 2019
Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
Originally Presenter October 18, 2018
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Building a Mobile App Pen Testing BlueprintNowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+Tips and tricks for targeting common issues
+The best tools for the job
+How to document findings to close the loop on vulnerabilities.
A Risk-Based Mobile App Security Testing StrategyNowSecure
Originally presented on September 19, 2018
Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy.
Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
Debunking the Top 5 Myths About Mobile AppSecNowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Watch the webinar: http://bit.ly/2DBHt7M
Watch this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureNowSecure
Originally Recorded March 18, 2020
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Originally Recorded July 19, 2019
Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
5 Tips for Agile Mobile App Security TestingNowSecure
Originally Presented March 21, 2018
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?NowSecure
Originally presented on January 23, 2018
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Originally presented on 12/5/2017
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
Shifting left: Continuous testing for better app quality and securityNowSecure
Learn how automating mobile app security testing can support continuous integration and DevOps initiatives in this webinar with Steven Winter, Founder & Chief Strategist of Guerrilla QA, and Andrew Hoog, CEO & Co-founder of NowSecure.
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
Mobile workforces and apps have revolutionized a number of highly regulated industries. State and federal regulations, such as the Health Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), and industry standards, such as the PCI Data Security Standard (PCI DSS) and OWASP Top 10, have evolved as a result. So how do you achieve compliance outcomes for mobile apps?
*These slides accompany the webinar: https://youtu.be/mqIU5dDyHwM
Backstage Tour of Identity - London Identity SummitForgeRock
This session covers the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform.
The session includes interactive discussion and feature:
- Single View of the Customer
- Social media registration
- Multi-Factor Single Sign On
- Consent driven sharing
- IoT integration
You will leave the tour with a good understanding of how to deploy large scale digital identity projects and where you should start.
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile DevicesBlueboxer2014
This year at RSA 2015, Andrew Blaich, lead security analyst at Bluebox, presented the findings of his in-depth investigation into the PKI certificate authorities (CA) that are shipped on mobile devices. The findings proved that users must assume a zero-trust model with their mobile devices to ensure their data is protected from potential risk.
Read more about Andrew’s research here:
https://bluebox.com/blog/technical/cnnic-latest-ca-security-compromise-further-questions-the-trustability-of-devices/
https://bluebox.com/blog/technical/questioning-the-chain-of-trust-investigations-into-the-root-certificates-on-mobile-devices/
DevOps Unleashed: Strategies that Speed DeploymentsForgeRock
Modern identity management platforms must be agile and secure enough to respond to demanding business timelines. As a result, many organizations are seeking cloud-based approaches to digital security and need offerings that are optimized for environments including Cloud Foundry, Azure, GCE, AWS and OpenStack. Your dev-ops strategy could be the difference between hitting or missing business-critical deadlines. In this webinar, learn how we are enhancing the ForgeRock Identity Platform to enable developers to use container-oriented technologies such as Kubernetes and Docker to accelerate deployment.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Amazon Web Services
Security is an imperative for any successful IoT deployment. AWS and Intel will showcase their collaboration on IoT security at the edge based on Intel® Zero-Touch Device Onboarding. In this session you will learn how to ensure secure connection back from the edge to AWS cloud, accelerate deployment time for provisioning, and scale solution remotely for customization and management across thousands of devices and end points.
Session sponsored by Intel
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
5 Tips for Agile Mobile App Security TestingNowSecure
Originally Presented March 21, 2018
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?NowSecure
Originally presented on January 23, 2018
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Originally presented on 12/5/2017
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
Shifting left: Continuous testing for better app quality and securityNowSecure
Learn how automating mobile app security testing can support continuous integration and DevOps initiatives in this webinar with Steven Winter, Founder & Chief Strategist of Guerrilla QA, and Andrew Hoog, CEO & Co-founder of NowSecure.
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
Mobile workforces and apps have revolutionized a number of highly regulated industries. State and federal regulations, such as the Health Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), and industry standards, such as the PCI Data Security Standard (PCI DSS) and OWASP Top 10, have evolved as a result. So how do you achieve compliance outcomes for mobile apps?
*These slides accompany the webinar: https://youtu.be/mqIU5dDyHwM
Backstage Tour of Identity - London Identity SummitForgeRock
This session covers the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform.
The session includes interactive discussion and feature:
- Single View of the Customer
- Social media registration
- Multi-Factor Single Sign On
- Consent driven sharing
- IoT integration
You will leave the tour with a good understanding of how to deploy large scale digital identity projects and where you should start.
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile DevicesBlueboxer2014
This year at RSA 2015, Andrew Blaich, lead security analyst at Bluebox, presented the findings of his in-depth investigation into the PKI certificate authorities (CA) that are shipped on mobile devices. The findings proved that users must assume a zero-trust model with their mobile devices to ensure their data is protected from potential risk.
Read more about Andrew’s research here:
https://bluebox.com/blog/technical/cnnic-latest-ca-security-compromise-further-questions-the-trustability-of-devices/
https://bluebox.com/blog/technical/questioning-the-chain-of-trust-investigations-into-the-root-certificates-on-mobile-devices/
DevOps Unleashed: Strategies that Speed DeploymentsForgeRock
Modern identity management platforms must be agile and secure enough to respond to demanding business timelines. As a result, many organizations are seeking cloud-based approaches to digital security and need offerings that are optimized for environments including Cloud Foundry, Azure, GCE, AWS and OpenStack. Your dev-ops strategy could be the difference between hitting or missing business-critical deadlines. In this webinar, learn how we are enhancing the ForgeRock Identity Platform to enable developers to use container-oriented technologies such as Kubernetes and Docker to accelerate deployment.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Amazon Web Services
Security is an imperative for any successful IoT deployment. AWS and Intel will showcase their collaboration on IoT security at the edge based on Intel® Zero-Touch Device Onboarding. In this session you will learn how to ensure secure connection back from the edge to AWS cloud, accelerate deployment time for provisioning, and scale solution remotely for customization and management across thousands of devices and end points.
Session sponsored by Intel
Security On The Edge - A New Way To Think About Securing the Internet of ThingsForgeRock
ForgeRock proposes a new approach for IoT security, where identity principles are used to ensure the authenticity of IoT devices and their communications. We call this upcoming technology, ForgeRock Edge Security. Using secure, standards-based tokens and providing comprehensive, policy-based controls for controlling access to data from devices, this is the next generation of IoT edge security. With examples from industrial and automotive IoT environments, learn how this new way of providing security “on the edge” can provide a rock solid layer of security for your IoT deployments.
Comprehensive Security for the Enterprise III: Protecting Data at Rest and In...Cloudera, Inc.
This webinar discusses how you can use Navigator capabilities such as Encrypt and Key Trustee to secure data and enable compliance. Additionally, we will discuss our joint work with Intel on Project Rhino (an initiative to improve data security in Hadoop). We also hear from a security architect at a financial services company that is using encryption and key management to meet financial regulatory requirements.
Security by Design: An Introduction to Drupal SecurityTara Arnold
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
YOU'LL LEARN:
Security by design in Drupal
Site audit and security best practices
Encrypting sensitive data
Key management (encryption & API)
Resources to improve security
Security by design: An Introduction to Drupal SecurityMediacurrent
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
How to make Android apps secure: dos and don’tsNowSecure
Learn from the mobile app security fails of others and understand how to get Android app security right the first time around.
A quarter of mobile apps include flaws that expose sensitive personal or corporate data that can be used for illicit purposes. And the security of a mobile app has a lot to do with a user’s impression of its quality.
Fixing vulnerabilities in the late stages of your build-and-deploy cycle is a hassle, and more expensive. You’ve got to switch contexts, dig through code you haven’t thought about in weeks (or didn’t develop in the first place), and delay progress on your latest sprint.
So, what can you, the savvy Android developer, do to get security right the first time around and save yourself work later?
Or, if you’re a security practitioner, how can you give security guidance up front to help your colleagues on the development team work more efficiently?
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
Scripting extends ForgeRock products in a powerful way, both for deployers as well as developers. For OpenAM, deployers can embed the ssoadm command line utility in comprehensive shells scripts for ultra fast deployments and configurations. Developers can use scripts for client-side and server-side authentication, policy conditions, and handling OpenID Connect claims. In OpenIDM, scripting allows you to customize various aspects of OpenIDM functionality, by providing custom logic between source and target mappings, defining correlation rules, filters, triggers, and more.
Webinar Highlights:
Scripting
The ForgeRock Platform
Q&A
Join Anders Askåsen, Senior Technical Product Manager, and Javed Shah, Senior Sales Engineer, as they highlight the concepts and show examples and best practices for scripting with the ForgeRock Identity Platform.
Moving the crown jewels to the cloud requires a trusted cloud provider. This is why almost 40% of enterprises choose to run internal applications on Azure, which was designed to deliver more choice, scalability, and speed. However, this also extends the security perimeter to the Internet - rendering network-centric security methods obsolete.
Learn how to deploy a lean API runtime infrastructure in your private enterprise environment while getting all the benefits of Apigee Edge API management in the cloud.
The Future is Now: What’s New in ForgeRock Access Management ForgeRock
In this webinar, learn how new capabilities in ForgeRock Access Management enable cloud automation for dynamic architectures, dramatically improve security, and ensure future-proofing for in-demand technologies such as DevOps and IoT, making it an ideal choice for securing customer identity and access management (CIAM) deployments for both today and for tomorrow.
Developer's Guide to JavaScript and Web CryptographyKevin Hakanson
The increasing capabilities and performance of the web platform allow for more feature-rich user experiences. How can JavaScript based applications utilize information security and cryptography principles? This session will explore the current state of JavaScript and Web Cryptography. We will review some basic concepts and definitions, discuss the role of TLS/SSL, show some working examples that apply cryptography to real-world use cases and take a peek at the upcoming W3C WebCryptoAPI. Code samples will use CryptoJS in the browser and the Node.js Crypto module on the server. An extended example will secure the popular TodoMVC project using PBKDF2 for key generation, HMAC for data integrity and AES for encryption.
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...Codemotion
Developers are taught to 'never trust the browser' to execute their client-side JavaScript. The inability for a developer to trust a browser has far reaching implications from not trusting client-side validation, to never being really sure the TLS connection doesn't have a man-in-the-middle. Software security such as white-box cryptography & obfuscation have been used in native environments for many years, but these techniques are hard in JS. We'll explain how these techniques can now be applied to JS code running in a web browser to secure it from MITM attacks.
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
Timothy Opsitnick and Eric Vanderburg of TCDI presented at the Risk Management Society's 2017 Northeast Ohio Regional Conference on Cybersecurity incident response strategies and tactics.
Application Security - Your Success Depends on itWSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Similar to Android P Security Updates: What You Need to Know (20)
Jeff's Journey: Best Practices for Securing Mobile App DevOpsNowSecure
Originally Presented December 6, 2018
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Listen this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
Originally presented on June 12, 2018
Much of the improvements for iOS 12 focused on privacy and reliability. What prompted these changes and how will it affect the path forward? In this discussion, Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
What attackers know about your mobile apps that you don’t: Banking & FinTechNowSecure
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. Originally presented on October 24, 2017, mobile security expert and NowSecure founder Andrew Hoog explains the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. He then provides tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.
Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
The amount of data collected by mobile devices and apps is shocking, and vulnerable mobile apps expose that data to compromise. In our static and dynamic analysis of hundreds-of-thousands of mobile apps, we found that 25 percent of them harbor at least one high-risk vulnerability such as collecting/transmitting location data, credentials, and more in cleartext. Mobile data may only be as secure as the weakest app on someone’s device. Mobile app developers need to protect the users of their apps by building high quality, secure apps. This presentation covers the most common mobile app vulnerabilities (including a real-world demonstration), how to identify those vulnerabilities, and what to do to remediate them.
Slides from NowSecure Senior Solutions Engineer Jon Porter's talk at the OWASP Denver Chapter's July 2017 meeting.
Vetting Mobile Apps for Corporate Use: Security EssentialsNowSecure
What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. NowSecure VP of Customer Success and Services Katie Strzempka covers how to take a data-driven approach to evaluating mobile apps for use at your organization.
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...NowSecure
A mobile app that’s vulnerable to man-in-the-middle (MITM) attacks can allow an attacker to capture, view, and modify sensitive traffic sent and received between the app and backend servers. At NowSecure, Michael Krueger and Tony Ramirez spend their days performing penetration tests on Android and iOS apps, which include exploiting MITM vulnerabilities and helping developers fix them. These slides are from a 30-minute webinar with Michael & Tony about MITM attacks on mobile apps and how to prevent them that will cover:
-- Identifying man-in-the-middle vulnerabilities in mobile apps
-- How to execute a mobile man-in-the-middle attack
-- Right and wrong ways to implement certificate validation and certificate pinning
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceNowSecure
How do you balance UX and security for mobile banking apps? Check out the slides originally presented on May 2 sharing FFIEC guidance and a study of vulnerabilities 30 mobile banking apps (15 iOS and 15 Android) from 15 financial institutions.
Next-level mobile app security: A programmatic approachNowSecure
Katie Stzempka, VP of Customer Success & Services, shares some helpful guidance on how to launch and improve an internal mobile app security program. You'll learn:
-- How to unite a disarray of tasks into a mobile app security testing process
-- How to choose the right mobile app security testing tools for your maturity
-- How to establish buy-in and collaborate with developers and your DevOps team
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...NowSecure
+ How do vulnerable mobile apps and insecure V2D communications put drivers and manufacturers at risk?
+ Applying crashworthiness and safety ratings concepts to mobile app and connected car cybersecurity
+ How to manage mobile app security defects and vulnerabilities in the connected car and mobile app development process
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY