This document discusses trends in social media and mobile security. It notes that mobility and use of personal devices for work is increasing rapidly, bringing new security challenges. Mobile devices face security risks at the network, hardware, operating system and application layers. The document outlines common types of malicious mobile applications and vulnerabilities they may exploit, including monitoring user activity and stealing private data. It emphasizes the importance of securing sensitive data through encryption and access controls on mobile devices and applications. The document recommends organizations form mobility councils to develop mobile security policies and consider mobile device management solutions to help address security risks from increased mobility.
Can You Steal From Me Now? Mobile and BYOD Security RisksMichael Davis
Presentation I gave at BriForum 2012 where I discuss Mobile Security Risks, BYOD and mobile privacy issues. Lastly, I wrap up with a discussion of Document Rights Management and mobile.
The Mobile Security Risks as adapted and updated from the Veracode Top 10 Mobile Security issues (With permission from Chris Wysopal)
Symantec Mobile Security Whitepaper June 2011Symantec
Symantec Corp. announced the publication of "A Window Into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android." This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.
C0c0n 2011 mobile security presentation v1.2Santosh Satam
Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise.
One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment.
In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks.
Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions, We will also outline best practices for business users and road warriors, on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.
Mobile Security for Smartphones and TabletsVince Verbeke
Are security concerns for mobile devices, like smartphones and tablets, real? Or, are claims of exponential growth in malware simply FUD? We will explore the major mobile operating systems and security concerns with each. This session will provide tips that can be shared to help your users protect their personal info and data when viewed from a mobile device. Information on mobile security programs will be shared, as well, including a look at whether free or commercial offerings provide better protection.
2012 State of Mobile Survey Global Key FindingsSymantec
Symantec’s 2012 State of Mobility Survey revealed a global tipping point in mobility adoption. The survey highlighted an uptake in mobile applications across organizations with 71 percent of enterprises at least discussing deploying custom mobile applications and one-third currently implementing or have already implemented custom mobile applications.
Can You Steal From Me Now? Mobile and BYOD Security RisksMichael Davis
Presentation I gave at BriForum 2012 where I discuss Mobile Security Risks, BYOD and mobile privacy issues. Lastly, I wrap up with a discussion of Document Rights Management and mobile.
The Mobile Security Risks as adapted and updated from the Veracode Top 10 Mobile Security issues (With permission from Chris Wysopal)
Symantec Mobile Security Whitepaper June 2011Symantec
Symantec Corp. announced the publication of "A Window Into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android." This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.
C0c0n 2011 mobile security presentation v1.2Santosh Satam
Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise.
One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment.
In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks.
Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions, We will also outline best practices for business users and road warriors, on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.
Mobile Security for Smartphones and TabletsVince Verbeke
Are security concerns for mobile devices, like smartphones and tablets, real? Or, are claims of exponential growth in malware simply FUD? We will explore the major mobile operating systems and security concerns with each. This session will provide tips that can be shared to help your users protect their personal info and data when viewed from a mobile device. Information on mobile security programs will be shared, as well, including a look at whether free or commercial offerings provide better protection.
2012 State of Mobile Survey Global Key FindingsSymantec
Symantec’s 2012 State of Mobility Survey revealed a global tipping point in mobility adoption. The survey highlighted an uptake in mobile applications across organizations with 71 percent of enterprises at least discussing deploying custom mobile applications and one-third currently implementing or have already implemented custom mobile applications.
Here are some Guidelines for CxO's relating to BYOD / Mobile-Device Security at work. Includes some recent Statistics and other Research on the Market.
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
Intense overview of most mobile security related issues
From Clust Education talk on Security Summit in Milan (Italy):
https://www.securitysummit.it/eventi/view/82
Symosis mobile application security risks presentation at ISACA SV. The presentation top 3 covers mobile application security risks and helps you prioritize your risk remediation efforts
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
The mobile banking and payments opportunity for financial institutions is tremendous, and those who offer the most secure apps will prevail over the competition. But this opportunity is not without hazards, and the effect on revenue and brand caused by hackers can be devastating.
In this webinar, IBM Security Trusteer and Arxan focuson the mobile threat landscape and leading protection techniques to safeguard mobile payments and apps.
Industry experts from IBM Security Trusteer and Arxan review:
The changes in technology that have made mobile applications so vulnerable
Emerging mobile threat vectors and what you can do to mitigate the risks
Musts for the future of your security model
View the on-demand recording: http://arxan.wistia.com/medias/036z0iw7y1
Unicom Conference - Mobile Application SecuritySubho Halder
Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will be covering from basic OWASP top 10 security issues to live demos on different use-case scenarios on how a hacker can hack your application, and how to prevent them.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
The modern organization has recognized the need to embrace mobile devices in the workplace, but this increase in mobile devices brings important security implications.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
View the on-demand recording: http://securityintelligence.com/events/how-to-hack-a-cryptographic-key/
Cryptographic-focused attacks are rapidly growing problems and one of the most difficult risks to minimize. If your organization is not taking appropriate steps to protect these keys, you are giving hackers easy access to your private data and transactions.
Join IBM Security and Arxan Technologies for an important and informative web event where you will learn the techniques employed by the bad guys, the numerous and varied problems key hacking can cause your organization, and how to mitigate this emerging threat.
Watch this webinar to:
- Learn why standard cryptography is no longer sufficient to address the risks posed by advanced key hacking and interception
- View a demonstration of key-hacking techniques and the vulnerabilities they pose
- Gain insight into best practices to stay ahead of hackers and criminals that pose a threat to your organization, customers, employees, brand and reputation
My presentation at SuperStrategies on how to justify the cost of IT security. The key? Focus on how security can help reduce speculative risk instead of hazard risk.
Here are some Guidelines for CxO's relating to BYOD / Mobile-Device Security at work. Includes some recent Statistics and other Research on the Market.
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
Intense overview of most mobile security related issues
From Clust Education talk on Security Summit in Milan (Italy):
https://www.securitysummit.it/eventi/view/82
Symosis mobile application security risks presentation at ISACA SV. The presentation top 3 covers mobile application security risks and helps you prioritize your risk remediation efforts
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
The mobile banking and payments opportunity for financial institutions is tremendous, and those who offer the most secure apps will prevail over the competition. But this opportunity is not without hazards, and the effect on revenue and brand caused by hackers can be devastating.
In this webinar, IBM Security Trusteer and Arxan focuson the mobile threat landscape and leading protection techniques to safeguard mobile payments and apps.
Industry experts from IBM Security Trusteer and Arxan review:
The changes in technology that have made mobile applications so vulnerable
Emerging mobile threat vectors and what you can do to mitigate the risks
Musts for the future of your security model
View the on-demand recording: http://arxan.wistia.com/medias/036z0iw7y1
Unicom Conference - Mobile Application SecuritySubho Halder
Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will be covering from basic OWASP top 10 security issues to live demos on different use-case scenarios on how a hacker can hack your application, and how to prevent them.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
The modern organization has recognized the need to embrace mobile devices in the workplace, but this increase in mobile devices brings important security implications.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
View the on-demand recording: http://securityintelligence.com/events/how-to-hack-a-cryptographic-key/
Cryptographic-focused attacks are rapidly growing problems and one of the most difficult risks to minimize. If your organization is not taking appropriate steps to protect these keys, you are giving hackers easy access to your private data and transactions.
Join IBM Security and Arxan Technologies for an important and informative web event where you will learn the techniques employed by the bad guys, the numerous and varied problems key hacking can cause your organization, and how to mitigate this emerging threat.
Watch this webinar to:
- Learn why standard cryptography is no longer sufficient to address the risks posed by advanced key hacking and interception
- View a demonstration of key-hacking techniques and the vulnerabilities they pose
- Gain insight into best practices to stay ahead of hackers and criminals that pose a threat to your organization, customers, employees, brand and reputation
My presentation at SuperStrategies on how to justify the cost of IT security. The key? Focus on how security can help reduce speculative risk instead of hazard risk.
Confirmation Bias - How To Stop Doing The Things In IT Security That Don't WorkMichael Davis
However, what’s interesting is that the CISOs we spoke with say neither of these approaches
effectively solves the problem. Quantitative risk analysis isn’t the end all, be all. Just because a
risk is scored at 98 out of 100 doesn’t mean it will be remediated. Besides cost, the business
significantly influences the decision of whether to spend money. And most surprising to us, in
the end, many CISOs told us they ignore all their own data, vendor input and pundit whitepapers
and made a gut decision.
Let’s be clear: Gut decisions are not useful. Very often they’re based on a confirmation bias, also
called confirmatory or “my side” bias. That’s the tendency for people to favor information that
confirms their preconceptions or hypotheses, regardless of whether the information is true. If
you have a confirmation bias that laptop theft is the largest concern, whether it is or not, you
will find a way to get disk encryption to be the highest-priority project.
Avoiding confirmation bias can be difficult. The first step is to realize that we’re all prone to it.
If you have a tendency to collect a lot of information and then ignore it, or always find yourself
debating the rest of the organization on which threats are most imminent, you may be more
susceptible than average. Try this exercise: Ask your peers to honestly assess whether they think you frequently make decisions based on gut instinct. Listen to what they say, and understand
that it’s almost impossible to build trust with an information source—such as your risk
assessment team—if you have this tendency.
To study the cognitive behaviour involved in social psychology where people tend to infer character traits and personalities of individuals on the basis of very little information that they have acquired of the individuals (through their senses , hence cognitive bias)
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
Arxan Technologies, FS-ISAC, and IBM joined forces to deliver a presentation on how to protect your applications and data from emerging risks. This session will cover:
- The threat landscape regarding mobile payments
- How cybercriminals can hack your applications
- Comprehensive prevention and protection techniques
Make Mobilization Work - Properly Implementing Mobile SecurityMichael Davis
From my presentation at Super Strategies, how to make mobilizaiton work in your organization. sadly, security is used as a reason to not implement mobile devices; however, I present the real threats in Mobile Security (Adapted from the great Veracode Mobile Security Presetnation by Chris Wysopal (with permission)). I then provide details on what Mobile Device Management is, how it works, and how it compares to other options.
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What will you learn :
-New Attack techniques hackers are using targeting WFH
-How to handle decentralisation of IT and technology decisions?
-Application risks as enterprises pivot to online/new business model(s)
-New risks in the Cloud and due to Shadow IT
-Security risks due to uninformed employees & their home infrastructure
-How to handle Misconfigurations & Third party risks
-How to build a robust breach response and recovery program?
Full video - https://youtu.be/bQLfnmhDnQs
Mobile Apps and Security Attacks: An IntroductionNagarro
A general overview of why the security of your mobile device is important, what are the possible threats to mobile devices, and how you can detect the threats.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
More and more organization employees are required to work outside the office using tablets, laptops and smartphones. These technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Mobile technologies collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. This webinar will discuss the risks faced by small to medium size organizations that require employees to work remotely. We will also discuss mitigation strategies.
This course provides an introduction to security for mobile applications. It walks through a basic threat model for a mobile application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
This webinar will explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late. Watch on-demand here: https://symc.ly/2z6hUsM.
Similar to ISACA CACS 2012 - Mobile Device Security and Privacy (20)
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. Agenda
• Trends that you must get in front of
• Macro-Social-Economic Models
• Two Sides of the Problem
– Mobile Device Management
– Mobile Device Application Security
• Social Media
• Ask Questions
3. Who am I?
• Michael A. Davis
– CEO of Savid Technologies
• IT Security Consulting
• Risk Assessments/Auditing
• Security Remediation
– Speaker at Major Security Conferences
• Defcon, CanSecWest, Toorcon, Hack In The Box
– Open Source Software Developer
• Snort
• Nmap
• Dsniff
11. Mobile Device Risks at Every Layer
• NETWORK: Interception of data over the air.
– WiFi has al the same problems as laptops
– GSM has shown some cracks. Chris Paget demo DEFCON 2010
• HARDWARE: Baseband layer attacks
– Memory corruption defects in firmware used to root your device
– Demonstrated at Black Hat DC 2011 by Ralf-Philipp Weinmann
• OS: Defects in kernel code or vendor supplied system code
– Every time iPhone or Android rooted/jailbroken this is usually the
cause
• APPLICATION: Apps with vulnerabilities and malicious code have access
to your data and device sensors
– Your device isn’t rooted but all your email and pictures are stolen,
your location is tracked, and your phone bill is much higher than
usual.
12. Mobile App Ecosystem
Mobile platform providers have different levels of controls over
their respective ecosystems
Platform Signing Revocation Approval
Android Anonymous, self-
signed
Yes No
iOS Signed by Vendor Yes Policy & Quality
Blackberry Signed with Vendor
issued key
Yes No
Windows Phone Signed by Vendor Yes Policy, Quality &
Security
Symbian Signed by Vendor Yes Quality
13. Malicious Functionality
1. Activity monitoring and data retrieval
2. Unauthorized dialing, SMS, and payments
3. Unauthorized network connectivity (exfiltration or
4. command & control)
5. UI Impersonation
6. System modification (rootkit, APN proxy config)
7. Logic or Time bomb
Vulnerabilities
7. Sensitive data leakage (inadvertent or side channel)
8. Unsafe sensitive data storage
9. Unsafe sensitive data transmission
10. Hardcoded password/keys
The Veracode Top 10 List
14. Activity monitoring and data
retrieval• Risks:
– Sending each email sent on the device to a hidden 3rd party address
– Listening in on phone calls or simply open microphone recording.
– Stored data, contact list or saved email messages retrieved.
• The following are examples of mobile data that attackers can monitor and
intercept:
– Messaging (SMS and Email)
– Audio (calls and open microphone recording)
– Video (still and full-motion)
– Location
– Contact list
– Call history
– Browsing history
– Input
– Data files
15. Activity monitoring and data
retrievalExamples:
Secret SMS Replicator for Android
http://www.switched.com/2010/10/28/sms-replicator-forwards-texts-
banned-android/
RBackupPRO for Symbian
http://www.theregister.co.uk/2007/05/23/symbian_signed_spyware/
16. Unauthorized dialing, SMS, and payments
• Directly monetize a compromised device
• Premium rate phone calls, premium rate SMS texts, mobile payments
• SMS text message as a spreading vector for
worms.
Examples:
Premium rate SMS – Trojan-SMS.AndroidOS.FakePlayer.a
https://www.computerworld.com/s/article/9180561/New_Android_malware
_texts_premium_rate_numbers
Premium rate phone call –Windows Mobile Troj/Terdial-A
http://nakedsecurity.sophos.com/2010/04/10/windows-mobile-terdial-
trojan-expensive-phone-calls/
17. Exfiltration or command & control
• Spyware or other malicious functionality typically requires exfiltration to be of
benefit to the attacker.
• Mobile devices are designed for communication. Many potential vectors that a
malicious app can use to send data to the attacker.
• The following are examples of communication channels attackers can use for
exfiltration and command and control:
– Email
– SMS
– HTTP get/post
– TCP socket
– UDP socket
– DNS exfiltration
– Bluetooth
– Blackberry Messenger
19. UI impersonation
• Similar to phishing attacks that impersonating website of their bank or
online service.
• Web view applications on the mobile device can proxy to legitimate
website.
• Malicious app creates UI that impersonates that of the phone’s native UI
or the UI of a legitimate application.
• Victim is asked to authenticate and ends up sending their credentials to an
attacker.
Example:
Proxy/MITM 09Droid Banking apps
http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps-
market
20. System modification (rootkit, APN proxy config)
• Malicious applications will often attempt to modify the system
configuration to hide their presence. This is often called rootkit behavior.
• Configuration changes also make certain attacks possible. An example is
modifying the device proxy configuration or APN (Access Point Name).
• Example
Android “DroidDream” Trojans Rootkit Phone
http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-
malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-
phone-steal-your-data-and-open-backdoor
21. Logic or Time bomb [CWE-511]
Logic or time bombs are classic backdoor
techniques that trigger malicious activity based
on a specific event, device usage or time.
22. Sensitive data leakage [CWE-200]
• Sensitive data leakage can be either inadvertent or side channel.
• A legitimate apps usage of device information and authentication credentials
can be poorly implemented thereby exposing this sensitive data to 3rd parties.
– Location
– Owner ID info: name, number, device ID
– Authentication credentials
– Authorization tokens
Example:
Sensitive data leakage -Storm8 Phone Number Farming
http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html
Android “DroidDream” Trojans steal data
http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-
has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-
data-and-open-backdoor
23. Unsafe sensitive data storage [CWE-312]
• Mobile apps often store sensitive data such as banking and payment system
PIN numbers, credit card numbers, or online service passwords.
• Sensitive data should always be stored encrypted so that attackers cannot
simply retrieve this data off of the file system.
• It should be noted that storing sensitive data without encryption on
removable media such as a micro SD card is especially risky.
Examples:
Citibank insecure storage of sensitive data
http://www.pcworld.com/businesscenter/article/201994/citi_iphone_app_flaw_r
aises_questions_of_mobile_security.html
Wells Fargo Mobile application 1.1 for Android stores a username and password,
along with account balances, in clear text.
http://osvdb.org/show/osvdb/69217
24. Unsafe sensitive data transmission [CWE-319]
• It is important that sensitive data is encrypted in transmission lest it be
eavesdropped by attackers.
• Mobile devices are especially susceptible because they use wireless
communications exclusively and often public WiFi, which is known to be
insecure.
• SSL is one of the best ways to secure sensitive data in transit.
– Beware of downgrade attack if it allows degrading HTTPS to HTTP.
– Beware of not failing on invalid certificates. This would enable that a
man-in-the-middle attack.
25. Hardcoded password/keys [CWE-798]
• The use of hardcoded passwords or keys is sometimes used as a shortcut by
developers to make the application easier to implement, support, or debug.
• Once this hardcoded password is discovered through reverse engineering it
renders the security of the application or the systems it authenticates to with
this password ineffective.
Example:
Mastercard sample code:
http://jack-mannino.blogspot.com/2011/02/scary-scary-mobile-banking.html
final String companyId = "your-company-id-here";
final String companyPassword = "your-company-password-
here";
26. Determine Your Risk
• Your risk is unique depending on use of mobile
apps
• Start with e-mail, then calendar, then
contacts, then the device
• Use DLP to prevent the data form reaching
email in the first place
• Tablets should use RDP/Citrix to access “rich”
applications
• Enforce policy from the get go
27. • Form a Cross functional Mobility Council. Engage end
users – “Consumerization.”
• Prioritize Goals & Establish Mobility Plan
• Determine Applications that can be used
• Make the plan part of approved policy
– Define policy
– Document End User License Agreement
– Define who pays for the device (all/none/partial subsidy)
– Establish data security & management controls
– Deployment with proper tools
Strategy
28. • Think outside the box. At minimum, entertain cutting
edge MDM vendors with new ideas.
• MDM software can lessen the blow of multi-platform
madness. Ultimately makes multi-platform management
cheaper and more effective!
Security
Concerns
Security
Concerns
Support
Quality
Support
Quality
Performance
Optimization
Performance
Optimization
Cost
Control
Cost
Control
Mobile Management Over Time
Strategy
29. • Enroll devices in a controlled fashion vs. free-for-all
• Control Device Access to Corporate Network
– ActiveSync, Wi-Fi, VPN
• Enforce user-to-device authentication with pin code
• Set full or partial “lock/wipe” policies depending on who
owns the device
• Be leery of platforms without embedded crypto. Encrypt
devices and data cards, when possible.
• Deliver firewall and antivirus capabilities, if possible
• Whitelist Mobile Applications
Tactics
30. • Activesync features vary by phone platform and the
version of Exchange you use
• Users can be enrolled in ActiveSync…meaning it off for
everyone until turned on for individuals.
• Email / Calendar / Contacts / Tasks pushing and sync
• Full device wipe
• Device passwords
• Encrypted storage cards
• Bandwidth reductions
• Disable Wi-Fi / Bluetooth
And more…
The Basics - ActiveSync
31. • Maybe ActiveSync does not offer enough control?
• Mobile Device Manager platforms from a wide array of
vendors offer all sorts of control
• Before buying:
– Do your research well. They need to support the major
platforms.
– Don’t always take the first offer. Look at 3 minimum.
– Attempt to identify the visionaries
– Determine your business requirements and how they fit
– Verify vendor financial viability
• This space is moving fast
I want my MDM
32. • Multi-platform MDM that uses an agent software and
selective wipe.
• Multiple policies can be employed to monitor for
situations that exceed permitted bounds. Ex: “If you
jailbreak your device, you can’t VPN to Corp.”
• Comprehensive control & features across all major
platforms. User self servicing.
• MobileIron speaks:
– “prepare to support 3 mobile OS platforms!”
– “IT should not be surprised that lines of business are building
apps. IT can turn from being a blocker to an enabler.”
MDM Approach Example: MobileIron
36. Privacy Leaks
• Reveal sensitive information
• Defamation of others / organizations
• This can be inadvertent or deliberate
• And the repercussions include
– Reputation damage
– Damage to organization
– Fines
37. Privacy Leak Example
• July 2009: The wife of the chief of the British
secret service MI6 posted highly revealing details
on her Facebook page
• Her privacy settings meant anyone in the
"London" network could view her updates – up to
200 million people
• Information revealed included
– Family details
– Personal photos
– Location of their home
39. Mobile Privacy
• Data Collection
• Data Retention
• Data Sharing
What do your apps do?
40. Unaware Users
• Photos contain data on location,
etc
• Twitter, FB post
Location
• FB/Twitter filter
photo data but
phone doesn’t
• Once a photo, video or message is sent by mobile
phone, the user can never regain total control of
the content.
41. Privacy Solutions
• It is the email threat all over again
• Inherit trust of “friends” leads to bad choices
• Facebook, twitter, myspace
– All rip with malware and privacy problems
• Instant Messaging is also a growing medium
for malware distribution
• This is nothing more than social engineering
USER EDUCATION IS KEY