Android security
•Download as PPT, PDF•
1 like•663 views
To raise awareness on mobile security. Demonstrate how a PayPal application can be easily compromised (http://vimeo.com/28746669).
Report
Share
Report
Share
![Who Am I? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
B Hkorba
E-commerce is thriving but faces many challenges. Standardization, trust, business-to-business transactions, and intellectual property protection present open research questions. As e-commerce expands to new areas like wireless and agent-based systems, additional challenges arise regarding security, privacy, and establishing trust in new environments and between new parties. Continued research aims to address these challenges and further innovation in electronic commerce.
Web Application Hacking 2004
This document outlines an agenda for a two-day training on web application hacking. Day one covers topics like internet crime and motivation for web security, the OWASP top 10 list of vulnerabilities, HTTP and HTML, and Google hacking. Day two covers fingerprinting web servers, basic and advanced web application hacking techniques, and automated tool sets. The document provides background on why web application security is important given the prevalence of attacks on the application layer and examples of recent hacks. It establishes that web applications need to be secured as they now control valuable data and have become attractive targets for criminals.
E-Commerce Security Workable Attacks Againest E-Commerce
This document discusses security vulnerabilities in e-commerce systems. It begins by defining e-commerce and outlining the key players - shoppers, merchants, software vendors, and attackers. It then examines common vulnerabilities like SQL injection, cross-site scripting, information disclosure, and path disclosure. The document argues that attacks are appealing to criminals because of the low costs and high potential payoffs compared to traditional crimes. In conclusion, the document analyzes different points in e-commerce systems like the shopper, server, and connections that attackers can potentially target.
Mobile Security for the Enterprise
The document discusses considerations for developing a robust mobile security strategy for an enterprise. It covers questions to ask, defining security policies, risks and threats, authentication, authorization, protecting data, securing communications, application security, device management, and enterprise mobility management. It emphasizes the importance of mobile device management, strong authentication, data encryption, application wrapping, and security policies.
NII Social Engineering Case Study
Case-study of a Social Engineering exercise conducted by the Network Intelligence India Pvt. Ltd. (http://www.niiconsulting.com/) team.
Mobile Apps and Security Attacks: An Introduction
A general overview of why the security of your mobile device is important, what are the possible threats to mobile devices, and how you can detect the threats.
Ppt information security
One of the most strongest and demanding field in the IT industry. Government as well as private sectors looking for skilled professionals who can protect their company from the cyber attacks.
Two factor authentication 2018
This document summarizes a presentation on two-factor authentication (2FA). It discusses the different types of authentication factors including something you know (e.g. passwords), something you have (e.g. security tokens), and something you are (e.g. biometrics). Software token apps like Google Authenticator and Authy that generate one-time passwords for 2FA are also covered. The document outlines the security issues with passwords and why 2FA is needed based on recent data breaches. It provides an overview of standards like FIDO and implementation recommendations for adding a second authentication factor.
Recommended
B Hkorba
E-commerce is thriving but faces many challenges. Standardization, trust, business-to-business transactions, and intellectual property protection present open research questions. As e-commerce expands to new areas like wireless and agent-based systems, additional challenges arise regarding security, privacy, and establishing trust in new environments and between new parties. Continued research aims to address these challenges and further innovation in electronic commerce.
Web Application Hacking 2004
This document outlines an agenda for a two-day training on web application hacking. Day one covers topics like internet crime and motivation for web security, the OWASP top 10 list of vulnerabilities, HTTP and HTML, and Google hacking. Day two covers fingerprinting web servers, basic and advanced web application hacking techniques, and automated tool sets. The document provides background on why web application security is important given the prevalence of attacks on the application layer and examples of recent hacks. It establishes that web applications need to be secured as they now control valuable data and have become attractive targets for criminals.
E-Commerce Security Workable Attacks Againest E-Commerce
This document discusses security vulnerabilities in e-commerce systems. It begins by defining e-commerce and outlining the key players - shoppers, merchants, software vendors, and attackers. It then examines common vulnerabilities like SQL injection, cross-site scripting, information disclosure, and path disclosure. The document argues that attacks are appealing to criminals because of the low costs and high potential payoffs compared to traditional crimes. In conclusion, the document analyzes different points in e-commerce systems like the shopper, server, and connections that attackers can potentially target.
Mobile Security for the Enterprise
The document discusses considerations for developing a robust mobile security strategy for an enterprise. It covers questions to ask, defining security policies, risks and threats, authentication, authorization, protecting data, securing communications, application security, device management, and enterprise mobility management. It emphasizes the importance of mobile device management, strong authentication, data encryption, application wrapping, and security policies.
NII Social Engineering Case Study
Case-study of a Social Engineering exercise conducted by the Network Intelligence India Pvt. Ltd. (http://www.niiconsulting.com/) team.
Mobile Apps and Security Attacks: An Introduction
A general overview of why the security of your mobile device is important, what are the possible threats to mobile devices, and how you can detect the threats.
Ppt information security
One of the most strongest and demanding field in the IT industry. Government as well as private sectors looking for skilled professionals who can protect their company from the cyber attacks.
Two factor authentication 2018
This document summarizes a presentation on two-factor authentication (2FA). It discusses the different types of authentication factors including something you know (e.g. passwords), something you have (e.g. security tokens), and something you are (e.g. biometrics). Software token apps like Google Authenticator and Authy that generate one-time passwords for 2FA are also covered. The document outlines the security issues with passwords and why 2FA is needed based on recent data breaches. It provides an overview of standards like FIDO and implementation recommendations for adding a second authentication factor.
Figurative Language
The document provides instructions for a quiz on identifying different types of figurative language. It lists several figurative language terms and their definitions. It then provides examples of sentences using different figurative language techniques and asks the reader to identify which technique is being used in each example sentence.
Sept 30
The document provides writing prompts and questions about an article on Nike. It asks students to identify the main text structure of the article, explain the origin of the modern marathon by recounting the story, state the author's main point, identify who the Greeks were fighting at Marathon and Salamis, and explain what Nike symbolizes.
Go serving: Building server app with go
Hong developed a server for proprietary GPS trackers using Go as their first experience with the language. The talk outlines Go's characteristics, how Hong built the server app including communicating over TCP, encoding/decoding data, and reading a config file. Hong recommends getting a team to adopt Go by starting small, sharing learnings, embracing experimentation, and using Go appropriately for the task.
Geekcamp Android
Introduction to Android. These slides are presented at Geekcamp Singapore, on 22th August at Yahoo! office.
Oct13
This document provides writing prompts and assignments for students, including questions about the six traits of good writing, the definition of a main idea, and the three criteria every main idea must meet. It also assigns students to complete a plot story map and quiz for a short story, and lists the next day's assignments.
Developing MyTrafficCam
Sharing of how I build a web service for monitoring traffic condition in Malaysia-Singapore border. A community project by HackerspaceJB, in Johor Bahru.
PHP_Frameworks_Discussion
The document discusses PHP frameworks, explaining that a framework consists of multiple libraries that define the basic application flow and interaction patterns for a specific application type like a web application. It lists some popular PHP frameworks, potential benefits of using a framework like reduced development effort and learning best practices, and factors to consider when choosing a framework such as learning curve, community support, and flexibility versus comprehensiveness. The document also raises questions about when a framework may not be suitable or its conventions could get in the way of requirements.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
Mobile Payment
The document discusses integrating in-app payments on mobile applications from different payment processors. It covers various payment methods like credit cards and mobile billing, integration methods like using websites or direct payment flows, and challenges around fees, library size, and testing payments. Finally, it mentions several service providers and libraries that can be used to handle in-app payments, such as PayPal, Google Checkout, and MoVend.
Building A Software Team
The document provides tips for building a software team, including hiring developers who are passionate and self-improving, using tools like Trello and wikis for communication and documentation, facilitating continuous learning through weekly sharing sessions and side projects, motivating through praise and challenges, and building the team through both technical and non-technical activities.
Hacker Culture
My presentation at BarcampJB 2015. I talked about the meaning of hacking, and clarify some misconceptions.
Color filters for the dummies
This document discusses color filters in Android, explaining that a color filter can change the colors in a bitmap by applying mathematical operations to the color and alpha components, and describes three specific types of color filters - ColorMatrixColorFilter which applies operations using a 4x5 matrix, LightingColorFilter which multiplies and adds color values, and PorterDuffColorFilter which performs operations between two bitmaps based on PorterDuff blending modes.
Webhook & Mailhook
Introduce concept of webhook and mailhook and how it can be used in web application development. Provide examples from GitHub, PayPal, and Mailgun.
Rubik Cubes For Geeks
The document discusses Rubik's Cubes, including their origin and structure. It provides an overview of common solving techniques like the Fridrich and Lars Petrus methods. It also covers speed cubing competitions and how they are organized by the World Cube Association.
What the HACK is HHVM?
HHVM is a PHP execution engine created by Facebook that converts PHP code to bytecode, which is then JIT compiled to machine code for improved performance over traditional PHP interpreters. It originated from Facebook's HPHPc compiler and has nearly full PHP compatibility while also supporting a new typed programming language called Hack. A benchmark test demo showed HHVM can provide better performance than traditional PHP interpreters.
Android and web services
Introduction to Android programming platform. Design consideration for developing web services for Android apps.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
How to Plan & Execute a Seminar
Agenda:
* Set Your Objectives & Strategies
* Planning The Date, Location, Topic & Time
* Marketing & Sales Coordination
* Marketing Execution: Registration Form & Invitation
* Seminar Presentation
* Day of the Event Logistics
* After the Event Follow-Through
* Resources
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome partner to deliver Mobile Application Management + Mobile Application Protection & Enhancement.
Key takeaways for both solutions:
- Deploy mobile apps privately to employees & partners
- Add Appaloosa's SDK in minutes with no code change
- Protect your apps from additional threats
Learn more from https://www.appaloosa-store.com/mobile_app_protection
Безопасность данных мобильных приложений. Мифы и реальность.
Yury Chemerkin is a security expert with 10 years of experience focused on privacy, mobile security, and compliance. He has published many papers on mobile and cloud security and speaks regularly at security conferences. Perspektivny Monitoring is a security research company founded in 2007 that focuses on commercial security monitoring, threat intelligence, software security practices, and security of mobile devices, apps, and networks. The document discusses myths and realities regarding data protection in mobile apps, providing examples of common vulnerabilities like insecure data storage, transmission, and authentication over the years. It also highlights specific apps that had data leaks or protections issues.
2018 android-security-udacity-morrison chang
This document provides an overview of Android security for developers. It defines security as protection from harm, discusses the types of users and threats like normal users, pirates and government agencies. It covers securing data between the app and server through techniques like certificate pinning and encryption, and securing data on the device using app obfuscation and keystores. It also discusses development security best practices, dealing with piracy, reverse engineering, privacy regulations like GDPR, and resources for further information.
More Related Content
Viewers also liked
Figurative Language
The document provides instructions for a quiz on identifying different types of figurative language. It lists several figurative language terms and their definitions. It then provides examples of sentences using different figurative language techniques and asks the reader to identify which technique is being used in each example sentence.
Sept 30
The document provides writing prompts and questions about an article on Nike. It asks students to identify the main text structure of the article, explain the origin of the modern marathon by recounting the story, state the author's main point, identify who the Greeks were fighting at Marathon and Salamis, and explain what Nike symbolizes.
Go serving: Building server app with go
Hong developed a server for proprietary GPS trackers using Go as their first experience with the language. The talk outlines Go's characteristics, how Hong built the server app including communicating over TCP, encoding/decoding data, and reading a config file. Hong recommends getting a team to adopt Go by starting small, sharing learnings, embracing experimentation, and using Go appropriately for the task.
Geekcamp Android
Introduction to Android. These slides are presented at Geekcamp Singapore, on 22th August at Yahoo! office.
Oct13
This document provides writing prompts and assignments for students, including questions about the six traits of good writing, the definition of a main idea, and the three criteria every main idea must meet. It also assigns students to complete a plot story map and quiz for a short story, and lists the next day's assignments.
Developing MyTrafficCam
Sharing of how I build a web service for monitoring traffic condition in Malaysia-Singapore border. A community project by HackerspaceJB, in Johor Bahru.
PHP_Frameworks_Discussion
The document discusses PHP frameworks, explaining that a framework consists of multiple libraries that define the basic application flow and interaction patterns for a specific application type like a web application. It lists some popular PHP frameworks, potential benefits of using a framework like reduced development effort and learning best practices, and factors to consider when choosing a framework such as learning curve, community support, and flexibility versus comprehensiveness. The document also raises questions about when a framework may not be suitable or its conventions could get in the way of requirements.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
Mobile Payment
The document discusses integrating in-app payments on mobile applications from different payment processors. It covers various payment methods like credit cards and mobile billing, integration methods like using websites or direct payment flows, and challenges around fees, library size, and testing payments. Finally, it mentions several service providers and libraries that can be used to handle in-app payments, such as PayPal, Google Checkout, and MoVend.
Building A Software Team
The document provides tips for building a software team, including hiring developers who are passionate and self-improving, using tools like Trello and wikis for communication and documentation, facilitating continuous learning through weekly sharing sessions and side projects, motivating through praise and challenges, and building the team through both technical and non-technical activities.
Hacker Culture
My presentation at BarcampJB 2015. I talked about the meaning of hacking, and clarify some misconceptions.
Color filters for the dummies
This document discusses color filters in Android, explaining that a color filter can change the colors in a bitmap by applying mathematical operations to the color and alpha components, and describes three specific types of color filters - ColorMatrixColorFilter which applies operations using a 4x5 matrix, LightingColorFilter which multiplies and adds color values, and PorterDuffColorFilter which performs operations between two bitmaps based on PorterDuff blending modes.
Webhook & Mailhook
Introduce concept of webhook and mailhook and how it can be used in web application development. Provide examples from GitHub, PayPal, and Mailgun.
Rubik Cubes For Geeks
The document discusses Rubik's Cubes, including their origin and structure. It provides an overview of common solving techniques like the Fridrich and Lars Petrus methods. It also covers speed cubing competitions and how they are organized by the World Cube Association.
What the HACK is HHVM?
HHVM is a PHP execution engine created by Facebook that converts PHP code to bytecode, which is then JIT compiled to machine code for improved performance over traditional PHP interpreters. It originated from Facebook's HPHPc compiler and has nearly full PHP compatibility while also supporting a new typed programming language called Hack. A benchmark test demo showed HHVM can provide better performance than traditional PHP interpreters.
Android and web services
Introduction to Android programming platform. Design consideration for developing web services for Android apps.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
Writing An Expository Paragraph
Expository writing explains, defines or informs. The document provides instructions on how to write an expository paragraph, including choosing a topic related to school and narrowing it down through multiple steps. It advises writing a topic sentence that states the main idea in a complete sentence, then adding supporting details through examples, explanations or definitions before restating the main idea in a clincher sentence.
How to Plan & Execute a Seminar
Agenda:
* Set Your Objectives & Strategies
* Planning The Date, Location, Topic & Time
* Marketing & Sales Coordination
* Marketing Execution: Registration Form & Invitation
* Seminar Presentation
* Day of the Event Logistics
* After the Event Follow-Through
* Resources
Viewers also liked (19)
Similar to Android security
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome partner to deliver Mobile Application Management + Mobile Application Protection & Enhancement.
Key takeaways for both solutions:
- Deploy mobile apps privately to employees & partners
- Add Appaloosa's SDK in minutes with no code change
- Protect your apps from additional threats
Learn more from https://www.appaloosa-store.com/mobile_app_protection
Безопасность данных мобильных приложений. Мифы и реальность.
Yury Chemerkin is a security expert with 10 years of experience focused on privacy, mobile security, and compliance. He has published many papers on mobile and cloud security and speaks regularly at security conferences. Perspektivny Monitoring is a security research company founded in 2007 that focuses on commercial security monitoring, threat intelligence, software security practices, and security of mobile devices, apps, and networks. The document discusses myths and realities regarding data protection in mobile apps, providing examples of common vulnerabilities like insecure data storage, transmission, and authentication over the years. It also highlights specific apps that had data leaks or protections issues.
2018 android-security-udacity-morrison chang
This document provides an overview of Android security for developers. It defines security as protection from harm, discusses the types of users and threats like normal users, pirates and government agencies. It covers securing data between the app and server through techniques like certificate pinning and encryption, and securing data on the device using app obfuscation and keystores. It also discusses development security best practices, dealing with piracy, reverse engineering, privacy regulations like GDPR, and resources for further information.
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Dr. Mohammad Shahir gave a presentation on cyber security threats facing organizations. He discussed common attack types like phishing, malware, and DDoS attacks. He explained how these attacks work and real-world examples like the RSA and Target data breaches. Shahir covered prevention methods like firewalls and user awareness training. The presentation aimed to help participants understand common cyber attacks and how to prevent and prepare for future threats.
Con8896 securely enabling mobile access for business transformation - final
The document discusses planning for secure mobile access. It begins with an introduction to mobile security challenges for IT departments in managing access vs control with the rise of mobile. It then covers types of mobile apps, key security terms, and the need for mobile access management solutions. The document outlines Oracle's mobile security architecture and platform, which provides authentication, SSO, device security, API security and access management for mobile. It stresses the importance of planning with all stakeholders and having governance over development standards, access points and policies. The document ends with a case study of Verizon Wireless and their approach to planning mobile and social SSO to improve the customer experience across channels.
Elementary-Information-Security-Practices
This document provides guidelines for elementary information security practices for organizations. It discusses basic steps organizations can take to improve security without spending much money. The guidelines are divided into sections on basic security, web application security, network/host security, and include recommendations such as using strong passwords, encrypting sensitive data, updating software regularly, conducting security awareness training, and closing unnecessary network ports. The overall aim is to help organizations identify and address common security mistakes and vulnerabilities.
OWASP Mobile Security: Top 10 Risks for 2017
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
How to build a highly secure fin tech application
Indeed, The FinTech industry is a specific sector where developing a successful mobile solution necessitates some extraordinary measures to capture clients’ loyalty. The takeaway is that a good FinTech app is more than simply an excellent companion.
Make Mobilization Work - Properly Implementing Mobile Security
From my presentation at Super Strategies, how to make mobilizaiton work in your organization. sadly, security is used as a reason to not implement mobile devices; however, I present the real threats in Mobile Security (Adapted from the great Veracode Mobile Security Presetnation by Chris Wysopal (with permission)). I then provide details on what Mobile Device Management is, how it works, and how it compares to other options.
Tt 06-ck
The document is an agenda for the Cyber Defense Initiative Conference 2011 being held from March 20-21, 2012 in Bangkok, Thailand. The conference theme is "Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity." The agenda includes discussions on mobile challenges for enterprises, what to look for in mobile device management (MDM) solutions, advanced threats over networks, and advanced network analysis tools. It also provides questions to consider when evaluating MDM solutions and discusses the need for intelligence-driven security and best-of-breed solutions to address evolving cyber threats.
Securing Mobile Apps - Appfest Version
The goal of this is to raise awareness about application security by
identifying some of the most critical risks facing organizations.
Cybercrimes against the korean online banking systems 1227 eng_slideshare
This document summarizes cybercrimes against Korean online banking systems. It discusses the evolution of financial cybercrime malware in Korea since 2007. In 2007, the first banking malware was discovered in Korea, but did not leak personal information. By 2012, banking malware was increasing and using more sophisticated techniques like redirecting users to phishing websites and leaking full account credentials. The malware analyzed banking processes in Korea to maximize damage by targeting security cards, PKI files, and passwords. Over time, the malware demonstrated a better understanding of Korean banking systems and an ability to enable other cybercrimes through stolen identity and financial information.
Network Security and Spoofing Attacks
Nowadays it is very common to hear from people that internet network is the largest engineering system,
and something that we cannot imagine life without.
Kaspars Petersons - BYOD - more like BYOP
This document discusses the challenges of mobile device management in businesses. It begins with a brief history of mobile technology and how businesses have transitioned to being "mobile first". Next, it discusses how mobility is changing business practices and the need for new mobile IT strategies around application development, security, and management. It then outlines some of the security risks of mobile devices and introduces MobileIron's mobile device management solutions which aim to provide application management, security, and policy controls for businesses transitioning to mobile-first.
From Reversing to Exploitation
Seminar on November 4, 2017
Currently many things has its own app on android. Are they secure enough? What if they are not engineered with security in mind? But most importantly, can we do something to them?
Mobile phone as Trusted identity assistant
The document discusses the future of mobile devices as trusted personal identity management assistants. It outlines some of the challenges with digital identity in cyber space and how governments are working to address this through initiatives like NSTIC in the US and eID in the EU. The document proposes that mobile devices could become ubiquitous identity assistants, certifying identity and attribute providers and managing a user's different "personas". It discusses some of the necessary technologies and governance models required for mobile devices to securely fulfill this role.
E banking security
The document discusses security trends in e-banking, including common attacks such as phishing and trojans, security measures implemented by banks like two-factor authentication and secured applications, and emerging technologies like transaction signing using mobile phones or security tokens. It also covers security protocols like SSL and implementations of security standards like EMV's chip authentication program. The outlook presented suggests users and banks will both need different solutions to manage evolving security risks in e-banking.
Ipsec And Ssl Protocols ( Vpn )
The document discusses the importance of software security and best practices for achieving it. It defines security as protecting information and data from unauthorized access while allowing authorized access. Attacks aim to access services, modify or deny data without permission. Major e-commerce companies like Amazon attract hackers due to collecting user information for transactions, so they must implement strong security. The discussion emphasizes designing for security throughout the software development lifecycle, understanding threats, rigorous testing, and risk analysis.
Internet Security Essay
Essay on Security On The Internet
Security And Privacy On The Internet Essay
Internet Security Essay
Internet Security Essay
Internet Security
Security on the Internet Essay
Internet Security And The Internet Essay
Cyber Security And Internet Security Essay
Internet Security Overview
Essay about Internet Security
Internet Security Essay
Home Internet Security Essay example
Internet Security Essay
Internet Security
Internet Security Threats Essay
Internet Security Essay
Essay Viruses and Internet Security
Essay about Internet Privacy and Security
106 Threat defense and information security development trends
This document discusses information security trends and the importance of security awareness. It covers three key topics: security threat defense, information security awareness, and information security development trends. Regarding security awareness, the document emphasizes that people are the weakest link in security and discusses how to foster awareness, such as by remaining vigilant online and thinking like a detective. For future trends, it predicts security as a service, the increasing importance of endpoint detection, moving from IP to application-based traffic control, and software-defined security solutions.
Similar to Android security (20)
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applications
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshare
106 Threat defense and information security development trends
106 Threat defense and information security development trends
More from Hean Hong Leong
Telegram Bot
Chin Huat introducing Telegram app and bot programming to the team. This is presented in Inno Tech Bootcamp 2 on 6 July 2018.
#innoractive #inno1337 #ITBC2 #telegram #bot
How To Work With UI/UX Designer
Jian Hui share how UX/UI design works, and how developers can work with them effectively. This is presented in Inno Tech Bootcamp 2 on 6 July 2018.
#ITBC2 #innoractive #inno1337
How not to be a mediocre developer!
Chama walk us through this article (http://bit.ly/2lUBgdX) by Dushyant Sabharwal. He presented this in Inno Tech Bootcamp 2018 on 5th July 2018.
#ITBC2 #inno1337 #innoractive
Gitflow Workflow
The Gitflow workflow dictates using separate branches for features, releases, and hotfixes. A develop branch stores new features and a master branch maintains production releases. Feature branches branch off develop, merge back upon completion. Release branches branch off develop, merge to both develop and master after testing. Hotfix branches directly address master and also merge to both develop and master.
Lazy Programmer's Guide To Writing Spec
Techniques for capturing business requirements. Keywords: flowchart, diagrams, business process, sequence diagram, module diagram, analysis. This is presented in Inno Tech Bootcamp 2 on 5th July 2018. #itbc2
Developing Better Software
Since guideline developing better software, in 3 main areas: software security, performance, and self development.
Do More With Message Queue
Introducing message queue system, and explain how message queue can be used for queuing tasks. This is especially useful for web application to perform tasks in an asynchronously manner.
More from Hean Hong Leong (7)
Recently uploaded
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Building RAG with self-deployed Milvus vector database and Snowpark Container...
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Recently uploaded (20)
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Android security
- 1. Android Security Leong Hean Hong 2011-10-01 #geekcampsg