liferay-safe-slides.pdf
1. DEVELOPMENT OF A PRIVACY PRESERVING LIFERAY PORTAL DOCUMENT SYNCHRONIZER FOR ANDROID
BY MAX PERRY PERINATO
Thesis Supervisor: Prof. Michele Bugliesi
Department of Environmental Sciences, Informatics and Statistics
MASTER OF SCIENCE IN COMPUTER SCIENCE
A.Y. 2011/2012
VENICE, 1 MARCH 2013
2. Motivation
• Bring-Your-Own-Device is becoming an inevitable trend (Juniper Research)
• Employees are bringing their own smartphones and tablets to work
➔ Access to documents anytime, anywhere
– Private information concerning the enterprise
– Personal information about employees and clients
➔ Confidentiality and liability issues arise
• Security and data breach are the greatest barriers for BYOD (Trend Micro)
3. Mobile Security Risks
• Mobile device security model erroneously based on the security model of its predecessor: the laptop computer
• Mobile devices are always turned on and almost always connected
➔ new set of security risks and attack vectors
• Information disclosure via flash memory or RAM
• Privilege escalation bugs
• Bad design and insecure coding practices
5. Preserving Privacy of Enterprise Data
[Figure: three boxes labelled “Private Data”]
• BYOD poses one major challenge to be addressed:
– Protecting and securing the privacy of sensitive data at all times while allowing unrestricted access to public data
• Information security becomes highly dependent on situational information:
– Security of the device, its location, the user, the network and the apps being used
CIA Triad – ISO 27001
• Access to sensitive data can be allowed with “Security Containers”
– Can mitigate risks surrounding CIA of resources
– Can be trusted by enterprises
6. • Android app for synchronization of documents with Liferay Portal
➔ “The leading open source Portal for the Enterprise”
• Built as a Security Container
– Data encryption
– Data access and usage control
– Security of data in transit
– Security of user credentials
– Data loss prevention: passcode enforcement, automatic/remote application lock and data wiping
– Dynamic provisioning of user trust
• Provides security of private data and offline usage
• Protection from malicious outsiders
– e.g., device loss or theft
• Protection from malicious insiders
– e.g., employee leaves the company
7. Android is leading the pack…
• 722.3 million smartphones shipped globally in 2012
• 68.8% (497.1 million) are Android devices
8. …but popularity comes at a price
• 145,000 malicious Android apps released in 3Q12 (Trend Micro)
• Lack of control in app development and of effective moderation in the Google Play store
➔ Can lead to exposure of private information
• Android’s security model is flawed:
– Kernel-level sandboxing
➔ Allows privilege escalation attacks (Davi et al.)
– Application-level mandatory access control
➔ Allows permission misuse and insecure data flows (Fuchs et al.)
• Inter-application message passing is also an attack surface
➔ Message contents sniffed, modified, stolen or replaced (Chin et al.)
9. Client-Server Architecture
• Transport Layer Security (TLS) protocol for communication security
– Prevents eavesdropping, tampering, and message forgery
• Server identity authentication
– Full validation of CA-signed certificate
• OAuth 2.0 protocol for client authorization
– Separates API security credentials from the User’s credentials
• Access Tokens can be revoked for an individual User or the entire app
– Unique identifier tied to the app, hard to guess, with restricted scope and limited lifetime
• Disabling of insecure channels, together with TLS validation, to prevent side channel & stripping attacks
We’ll see these next
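The client-side policy on this slide (TLS with full certificate validation, no insecure channels, bearer tokens instead of the user’s password), as an added worked example in Go. It is not the thesis app’s own code (which is Android/Java) and the portal host and token value are constructed; the point it shows is that cleartext HTTP is refused outright, including on redirect, rather than “upgraded”, so a stripping attack has nothing to downgrade.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

var ErrInsecureEndpoint = errors.New("endpoint must use https")

// NewPortalClient builds an HTTP client that keeps Go's default certificate
// chain verification (InsecureSkipVerify is deliberately left false) and
// refuses TLS versions below 1.2.
func NewPortalClient() *http.Client {
	return &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12},
		},
		// Never follow a redirect off HTTPS; a stripping attack would try this.
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return CheckEndpoint(req.URL.String())
		},
	}
}

// CheckEndpoint enforces the "no insecure channels" rule for any URL the app
// is about to talk to.
func CheckEndpoint(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" || u.Host == "" {
		return ErrInsecureEndpoint
	}
	return nil
}

// NewAuthorizedRequest attaches the OAuth 2.0 access token as a Bearer
// credential. The user's portal password never leaves the login flow that
// issued the token, so a leaked request exposes only a revocable token.
func NewAuthorizedRequest(ctx context.Context, endpoint, accessToken string) (*http.Request, error) {
	if err := CheckEndpoint(endpoint); err != nil {
		return nil, err
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	return req, nil
}

func main() {
	_ = NewPortalClient()
	// Hypothetical portal host; the token value is constructed.
	req, err := NewAuthorizedRequest(context.Background(),
		"https://portal.example.com/api/documents", "constructed-access-token")
	fmt.Println("https request ok:", err == nil, req.Header.Get("Authorization"))
	_, err = NewAuthorizedRequest(context.Background(),
		"http://portal.example.com/api/documents", "constructed-access-token")
	fmt.Println("http refused:", errors.Is(err, ErrInsecureEndpoint))
}
```

The client never sets InsecureSkipVerify, which is the most common way “full validation of CA-signed certificate” is silently undone in mobile code; certificate pinning would be an additional, stricter step the slides do not claim.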
10. Challenges 1/2
• Lack of a “root of trust”: enterprises can trust neither their employees nor their own devices
• Complex management and protection of encryption keys and OAuth tokens
• Offline usage hinders user revocation, and remote wiping or locking
• Little control over how devices are used and what apps are installed
• Rooting a device is easy (e.g., SuperOneClick); there is no 100% effective way to detect it
• On some devices fastboot allows re-flashing partitions and installing a Custom Firmware (e.g., CyanogenMod)
11. Challenges 2/2
• Data extraction with open source forensics tools (e.g., OSAF-TK, Santoku)
• Limited internal storage; mountable (and removable) external storage
• Impracticable data zeroization on NAND Flash memory due to wear leveling technique
• Negative impact of security provisions on user experience and battery life
12. Private Documents Caching and Encryption
• Encrypted caching of private data for offline usage
• App-level Virtual Encrypted Disk (VED) based on the IOCipher library (by The Guardian Project)
– Clone of the standard java.io API
– SQLCipher (by Zetetic LLC): 256-bit AES transparent on-the-fly encryption
– Libsqlfs (by PalmSource): POSIX style file system on top of an SQLite database
• VED initialized with a random master key, encrypted with a 256-bit AES key derived from the Access Token
– Access Token has a validity of 24 hours
– When the Token expires the master key and the VED file are erased
– Access Token can also be revoked from the server
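The master-key wrapping described on this slide, as an added worked example in Go; it is not the thesis app’s code (Android/Java) and not IOCipher’s or SQLCipher’s API. A random 32-byte VED master key is wrapped with AES-256-GCM under a key-encryption key derived from the OAuth access token, the wrapped blob carries the 24-hour expiry, and once the token has expired or a wrong (revoked) token is presented no key material is returned. The slides do not say which KDF the thesis used; HKDF-SHA256 (written out with the standard-library HMAC), the salt layout, the info label and the token value are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

const tokenLifetime = 24 * time.Hour

// WrappedMasterKey is all the app persists: ciphertext and public
// parameters, never the master key itself (layout is an assumption).
type WrappedMasterKey struct {
	Salt   []byte // random salt for the KDF
	Nonce  []byte // AES-GCM nonce
	Cipher []byte // AES-GCM(master key), authenticated
	Expiry time.Time
}

var ErrTokenExpired = errors.New("access token expired: master key and VED must be erased")

// deriveKEK derives a 256-bit AES key from the access token with
// HKDF-SHA256 (RFC 5869 extract + one expand block). The per-device salt
// keeps KEKs distinct even if two devices ever held the same token.
func deriveKEK(accessToken, salt []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(accessToken)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write([]byte("liferay-ved-kek")) // info label, constructed here
	expand.Write([]byte{0x01})
	return expand.Sum(nil) // 32 bytes = AES-256 key
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewMasterKey generates the random key the VED is initialized with.
func NewMasterKey() ([]byte, error) {
	mk := make([]byte, 32)
	_, err := rand.Read(mk)
	return mk, err
}

// Wrap encrypts the master key under the token-derived KEK and records
// when the token (and therefore offline access) expires.
func Wrap(masterKey, accessToken []byte, issued time.Time) (*WrappedMasterKey, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	kek := deriveKEK(accessToken, salt)
	defer zero(kek)
	aead, err := gcmFor(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &WrappedMasterKey{
		Salt: salt, Nonce: nonce,
		Cipher: aead.Seal(nil, nonce, masterKey, nil),
		Expiry: issued.Add(tokenLifetime),
	}, nil
}

// Unwrap recovers the master key only while the token is valid. A wrong or
// revoked token yields a different KEK, GCM authentication fails, and no
// plaintext is produced.
func Unwrap(w *WrappedMasterKey, accessToken []byte, now time.Time) ([]byte, error) {
	if !now.Before(w.Expiry) {
		return nil, ErrTokenExpired
	}
	kek := deriveKEK(accessToken, w.Salt)
	defer zero(kek)
	aead, err := gcmFor(kek)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, w.Nonce, w.Cipher, nil)
}

// Erase overwrites the wrapped key in place; the caller deletes the VED file.
func Erase(w *WrappedMasterKey) {
	zero(w.Cipher)
	zero(w.Nonce)
	zero(w.Salt)
	w.Expiry = time.Time{}
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	token := []byte("constructed-oauth-access-token")
	mk, _ := NewMasterKey()
	issued := time.Now()
	w, _ := Wrap(mk, token, issued)
	got, err := Unwrap(w, token, issued.Add(time.Hour))
	fmt.Println("unwrap within 24h ok:", err == nil && string(got) == string(mk))
	_, err = Unwrap(w, []byte("wrong-token"), issued.Add(time.Hour))
	fmt.Println("wrong token rejected:", err != nil)
	_, err = Unwrap(w, token, issued.Add(25*time.Hour))
	fmt.Println("expired after 24h:", errors.Is(err, ErrTokenExpired))
	Erase(w)
}
```

Because the master key exists only inside the wrapped blob, erasing that blob and the VED file on expiry is what makes the 24-hour offline limit enforceable without a server round trip; the wear-levelling caveat from slide 11 still applies to the deleted VED file itself.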
13. Access Token Management
• Access Token is secured in RAM by CacheGuard
• In-memory obfuscation
• Mitigates lack of a “root of trust” problem
• Exposure to memory analysis
➔ requires gaining root privileges (Sylve et al.)
• Android Debug Bridge
➔ Mitigation: Enforce disabling of “USB debugging” setting
• Recovery Boot
➔ Assumption: Access Token is cleared after reboot
• Remote Exploitation
➔ Mitigation: Require minimum Android version (at least Jelly Bean)
• Complete access to device
➔ Mitigation: Enforce use of a password screen lock
➔ Attempt to detect if the device is rooted with a set of heuristics
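The in-memory obfuscation idea on this slide, as an added worked example in Go; it is not the thesis’s CacheGuard component, whose internals the slides do not describe. The token is never held contiguously in the clear: it is stored XOR-masked under a random pad of the same length kept in a separate buffer, it is unmasked only into a short-lived buffer for the duration of one use, and Wipe destroys both buffers on expiry, revocation or application lock. The token value is constructed; ContainsCleartext is a crude stand-in for the memory-dump search the slide has in mind.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// GuardedToken holds an access token as (masked, pad) where
// masked = token XOR pad. Neither buffer alone reveals anything.
type GuardedToken struct {
	masked []byte
	pad    []byte
	wiped  bool
}

var ErrWiped = errors.New("access token has been wiped")

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// NewGuardedToken masks the token and zeroes the caller's cleartext copy,
// so only the masked form and the pad remain in memory afterwards.
func NewGuardedToken(token []byte) (*GuardedToken, error) {
	if len(token) == 0 {
		return nil, errors.New("empty token")
	}
	pad := make([]byte, len(token))
	if _, err := rand.Read(pad); err != nil {
		return nil, err
	}
	masked := make([]byte, len(token))
	xorInto(masked, token, pad)
	zero(token)
	return &GuardedToken{masked: masked, pad: pad}, nil
}

// WithToken unmasks into a short-lived buffer, runs fn, and zeroes the
// buffer again, so cleartext exists only while fn runs (for example while
// an Authorization header is being written).
func (g *GuardedToken) WithToken(fn func(token []byte) error) error {
	if g.wiped {
		return ErrWiped
	}
	plain := make([]byte, len(g.masked))
	xorInto(plain, g.masked, g.pad)
	defer zero(plain)
	return fn(plain)
}

// Wipe overwrites both buffers; afterwards no combination of them yields
// the token, which is what expiry, revocation and app lock should trigger.
func (g *GuardedToken) Wipe() {
	zero(g.masked)
	zero(g.pad)
	g.wiped = true
}

// ContainsCleartext reports whether the token appears contiguously in
// either buffer the guard owns (a stand-in for a memory-dump search).
func (g *GuardedToken) ContainsCleartext(token []byte) bool {
	return bytes.Contains(g.masked, token) || bytes.Contains(g.pad, token)
}

func main() {
	secret := []byte("constructed-bearer-token-value")
	probe := append([]byte(nil), secret...) // copy kept only to search for
	g, _ := NewGuardedToken(secret)
	fmt.Println("caller copy zeroed:", bytes.Equal(secret, make([]byte, len(probe))))
	fmt.Println("found in guard buffers:", g.ContainsCleartext(probe))
	_ = g.WithToken(func(tok []byte) error {
		fmt.Println("usable while live:", bytes.Equal(tok, probe))
		return nil
	})
	g.Wipe()
	fmt.Println("after wipe:", g.WithToken(func([]byte) error { return nil }))
}
```

This raises the bar for a string search over a process dump but is not a substitute for a root of trust: an attacker with root (the slide’s “requires gaining root privileges”) can still locate both buffers or hook the unmasking call, which is why the slide pairs obfuscation with the ADB, screen-lock and minimum-version mitigations.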
14. Conclusions
• Documents are safe with BYOD at a trade-off: at the state of the art it’s not possible to provide privacy preservation and offline access without posing any assumptions and constraints:
– 24 hours limited offline access
– Definition and enforcement of enterprise policies
– Size limit of private documents (available RAM)
– Minimum Android version (4.1 Jelly Bean)
– Mandatory screen lock and disabled “USB debugging” setting
– Reduced battery life
• Lack of a “root of trust”: some Android devices currently embed a Trusted Platform Module (i.e., Secure Element), but it’s not open to third-party apps
– Necessary to establish a ground of truth on which to build security
– Help increase trustworthiness of consumer devices
15. “Never commit to memory what can be easily looked up in books.”
- Albert Einstein