David Rook presented on Windows Phone 7 security. He began by providing context on the growing smartphone market and Microsoft's small market share. He then discussed the Windows Phone 7 platform security model, which uses chambers to enforce app isolation and least privilege. Rook also covered Windows Phone 7 application security best practices, emphasizing the importance of secure storage, authentication and authorization, and secure access to personal data. He concluded by briefly discussing new security aspects of Windows Phone 8.
Android os (comparison all other mobile os) - DivyaKS12
The document discusses several mobile operating systems including Android, iOS, Windows Mobile, Blackberry OS, Symbian OS, and webOS. It provides details on the history and key features of each OS. For Android specifically, it describes how Android is built on the Linux kernel and uses Java for applications. It also explains the different layers of the Android software stack including the kernel, libraries and Android runtime.
This document provides an overview of the Android operating system, including its history, architecture, versions, features, advantages, and disadvantages. Android was founded in 2003 and was later acquired by Google in 2005. It uses an open source Linux kernel and is developed by the Open Handset Alliance. The architecture consists of four layers - the Linux kernel, native libraries, the Android runtime (Dalvik virtual machine), and applications. Key features include multi-tasking, a rich application ecosystem, and integration with Google services. Advantages are customization and openness, while disadvantages include inconsistent designs between apps and battery drain issues on some devices.
This document provides an overview of the Android operating system. It describes Android as a Linux-based operating system developed by Google and the Open Handset Alliance for use in smartphones and tablets. The document then discusses the major versions of Android, its key features like applications, architecture, interface, and security. It also profiles some popular Android phones like the Samsung Galaxy S3, HTC One X, and Motorola Droid Razr Maxx.
The document provides an introduction to the Android environment including:
- What Android is and the companies involved in its development like Google and the Open Handset Alliance.
- An overview of the Android software stack including the Linux kernel, libraries, application framework and Dalvik virtual machine.
- Different versions of the Android OS from 1.5 to 2.4 and their major features.
- How the Android environment is growing with over 350,000 new Android devices being activated daily.
Android was designed as an open platform for software development. It is free and supported by a large community of developers. Android relies on the Linux kernel and uses the Dalvik virtual machine. It supports applications written in Java and a variety of media formats. Some advantages are customization options, large screen support, and notifications. Google acquired Android Inc. in 2005 and it is now developed as an open collaboration led by Google.
The document provides an overview of the Android operating system. It discusses that Android is an open source software platform based on the Linux kernel and allows developers to write managed code using Java. It is developed by Google and other companies part of the Open Handset Alliance. The document then describes Android's history and architecture, including its use of the Linux kernel, Binder for inter-process communication, Dalvik virtual machine, core libraries, and application framework. It also covers the application lifecycle and how the Android system starts up.
This document provides an overview of mobile application development using Android. It discusses Android's architecture including the Linux kernel layer, libraries layer, Android runtime layer, application framework layer, and applications layer. It describes key Android components like activities, services, broadcast receivers, content providers, and intents. It also covers the Android development process, tools, requirements and versions.
The document discusses application development for MeeGo and the Intel AppUp store. It provides an overview of the MeeGo architecture and community, describes how to join the Intel AppUp developer program, create apps using the AppUp SDK, submit apps for validation and beta testing, and package apps for distribution. It also highlights opportunities for developers including worldwide application labs and funding.
This document presents information about mobile operating systems. It provides timelines of major mobile operating systems including Symbian OS, BlackBerry OS, iOS, Android, Windows Phone and others. It describes the architecture of Android including layers such as the Linux kernel, native libraries, Android runtime and applications framework. It also outlines the architecture of iOS including the Cocoa Touch layer, media layer, core services layer and core OS layer. In conclusion, it discusses how mobile operating systems continue to rapidly develop and impact many areas of technology.
The document summarizes technological growth from 1981 to 2012, focusing on developments in personal computing devices. It traces the evolution from desktop PCs in 1981 to smartphones and tablets by 2008. Hardware became smaller, more powerful, and more efficient over time. However, hardware alone did not enable this progress - operating systems also advanced significantly. Early systems gave way to mobile operating systems like Android and iOS that powered innovative features through touch interfaces, apps, and connectivity. This allowed for continual innovation in devices.
The document provides an overview of the Android operating system across 4 sections:
1) Basics covering the history, architecture, and core components of Android.
2) Application concepts including the application structure, activities, intents, and the manifest file.
3) Beyond basics on telephony, storage, content providers, and network services.
4) Advanced domains focusing on services, audio/video, cameras, sensors, and future technologies.
This document provides information about Intel's Ultrabook developer resources. It begins with a legal disclaimer stating that no licenses are granted and Intel assumes no liability. It then discusses the Intel AppUp Center for distributing apps, the Intel Ultrabook Community for developers, and provides instructions for publishing apps in the Intel AppUp store. The overall summary is that the document outlines Intel's resources for Ultrabook developers to distribute, engage with other developers, and publish apps.
The document discusses the architecture and benefits of the Android mobile operating system. It explains that Android addresses the growing needs of mobile users and developers by providing an open platform with built-in services, automatic application management, and portability across devices. The key components of the Android architecture include the Linux kernel, native libraries, Dalvik virtual machine, application framework, and applications/widgets layer. Android benefits developers by being free, open source, and not locked to any single vendor.
The document provides an overview of mobile application development on the Android platform. It discusses Android's architecture including its application building blocks like Activities, Content Providers, and Intents. It also covers Android development tools and how to get started with Android SDK and Eclipse IDE. The document summarizes key aspects of the Android platform like its open source nature, supported languages, and security model.
This document discusses Intel's AppUp developer program. It provides an overview of Intel's global presence, the growth of the app economy, and Intel's vision for the AppUp program. The AppUp program currently has over 70,000 developers from 202 countries who have created over 5,000 apps, resulting in over 810,000 app downloads. The document outlines some of the key developer and consumer features of the AppUp program.
This document provides an overview of Android app development. It discusses what Android is, its history and architecture. It describes the core components of an Android app like activities, services, content providers and intents. It also discusses Android Studio as the IDE, system requirements, how to develop a first app, common programming languages and learning resources. The goal is to introduce the key concepts for developing Android apps.
Android was founded in 2003 and was later acquired by Google in 2005. It was developed as an open source platform to lower the cost of developing mobile devices and services. The Android operating system is based on a Linux kernel and has gone through many versions named after desserts or sweets, starting with Cupcake in 2009 to the current KitKat version. It provides an open development platform and uses Linux for core functions like memory management and device drivers.
Introduces Mobile Operating Systems and goes deeply on Android OS presenting the different layers, developing basics and boot process. Also presents some hardware related topics.
This document is a seminar report submitted by Ganesh Waghmare on the topic of Android OS. It contains chapters covering features of the Android OS, its architecture, application framework, libraries, runtime, kernel and more. The report was submitted to fulfill degree requirements at MAEER's MIT College of Engineering, Pune, under the guidance of Prof. Sukhada Bhingarkar. It includes an acknowledgment, table of contents, and glossary related to Android OS.
This document provides an overview of the Android mobile platform, including:
1) It describes the Android ecosystem and key components like OEMs, service providers, developers, and users.
2) It outlines the major mobile operating systems and highlights some key differences between Android and iOS.
3) It provides a brief history of Android and the Open Handset Alliance.
4) It discusses Google services that are integrated with Android and the Android Marketplace.
5) It explains why Android is growing in popularity with developers, OEMs, and service providers.
Android is an open source software stack for mobile devices that includes an operating system, middleware, and key applications. It allows developers to write managed code in Java for the Dalvik virtual machine. The Android software development kit includes tools and APIs for building applications using reusable components like activities, services, and content providers. Applications are debugged using an emulator or by testing on actual devices.
Android is an open source operating system used primarily for mobile devices. It is based on the Linux kernel and allows developers to write managed code using Java. Some key versions and their features include Cupcake adding video playback, Gingerbread adding VoIP support, Ice Cream Sandwich combining phone and tablet interfaces, KitKat adding NFC support, and Marshmallow focusing on battery life with an app standby feature. The document provides an overview of Android's history and development.
Android is an open source operating system based on Linux. It was originally developed by Android Inc. and later acquired by Google. Android provides a framework for building apps using Java and runs them on a virtual machine called Dalvik, which was optimized for mobile devices. The Android software stack consists of apps running on top of libraries, an application framework, and the Dalvik virtual machine running on the Linux kernel.
This document provides an overview of Android and mobile application development. It discusses the history of Android, including its origins at Android Inc. and acquisition by Google. It describes the core components of the Android software stack and architecture. The document outlines the Android development process and tools used to build, run, test and publish Android apps. It also discusses advantages and disadvantages of developing for mobile platforms.
Android is becoming very popular these days and mostly everyone is crazy about it. So today with the help of a simple diagram I am going to explain the architecture of Android. I think that there is no need to tell you all about the "Android" as everyone who knows about it should also know this simple definition of Android:
The document appears to be slides from a presentation given by David Rook on static analysis and security code reviews. It discusses the principles of secure development, different types of security code reviews ranging from "ugly" to "good", and introduces Agnitio as a tool that uses checklists to help with manual static analysis and produces audit trails and metrics. Examples of past engineering failures are given to argue that checklists should not be dismissed as only for "n00bs".
This document discusses an issue that occurred on June 21 involving over 14,000 people or items. Further details are not provided in the document, which only lists brief details such as the word "issue", a number, a date, and a count without any other contextual or explanatory information.
The Security Risks of Web 2.0 - DEF CON 17 - Security Ninja
1) The document discusses a meeting between parties to resolve issues.
2) Several topics were discussed including compensation and responsibilities.
3) An agreement was reached and next steps were outlined.
The Principles of Secure Development - Epicenter Dublin - Security Ninja
The document discusses the history and current state of the organization. It was founded in 1989 to promote research and education. Currently, it has over 1,000 members across many countries. The organization holds annual conferences to share new findings and advances in the field.
SecurityBSides London - Agnitio: it's static analysis but not as we know it - Security Ninja
- David Rook is a security analyst and speaker who developed Agnitio, a tool to help with manual static code analysis.
- Traditional static analysis involves human review of source code with or without tools, but humans have limitations. Agnitio aims to address these limitations by providing checklists, guidance, and automated processes to produce audit trails and metrics.
- The presentation will discuss traditional static analysis approaches, principles of secure development, and provide a sneak preview of new features in Agnitio version 2.0 to help improve the security code review process.
David Rook presents on Agnitio, a security code review tool. He discusses static analysis and the benefits of checklists for code reviews. Agnitio aims to help with manual code reviews through checklists, audit trails, and metrics to produce reports. It can link to automated code analysis and was demonstrated reviewing sample code and producing reports. Future goals include verification records and mobile app checklists.
Android is a mobile operating system based on a modified version of the Linux kernel. It was developed by Android Inc., which was bought by Google in 2005. It allows developers to write managed code in Java for a software stack that includes libraries, a Java-compatible virtual machine called Dalvik, and security enhancements. Major versions include 1.0, 1.5 Cupcake, 2.0/2.1 Eclair, 2.2 Froyo, 2.3 Gingerbread, 4.0 Ice Cream Sandwich. Android is used by many phone manufacturers and on devices like Samsung Galaxy and Motorola phones. It offers features like application frameworks, media support, and GSM telephony, along with advantages like
This document is from a technical seminar on Android that discusses key aspects of the Android platform. It covers why Android was created as an open source platform, its architecture including applications, framework, libraries and the Linux kernel. It also compares Android to other mobile platforms like iOS, Windows Mobile and Blackberry, and discusses uses of Android and differences between Apple and Android devices.
The document discusses converting iPad apps to Windows Store apps. It covers popular apps, application architecture, lifecycle, data storage, UI guidelines, commands, orientation, notifications, app layouts, and tools for Windows 8 app development. Unique traits like snap views and semantic zoom in Windows 8 are also examined.
Android is an open-source software platform and operating system for mobile devices. It was developed by Andy Rubin, Rich Miner, Nick Sears and Chris White and was later acquired by Google in 2005. Android is not hardware but a software stack that includes an operating system, middleware and key applications. It supports wireless communication technologies like 3G, 4G, WiFi and Bluetooth. Android has seen many updates over the years with improvements to its user interface, speed, and additional features and capabilities. It remains one of the most popular mobile operating systems globally.
Google acquired Android Inc. in 2005 and launched the Android mobile operating system in 2007 with the Open Handset Alliance, including companies like Qualcomm. Android uses the Linux kernel for core functions and relies on Java for application development. It has an open source model and uses components like SQLite for data storage, Dalvik virtual machine, and integrated browser. While popular for its openness and customization, Android faces security and compatibility challenges. Overall it has become very successful with the mobile market.
This document summarizes key aspects of the Android operating system. It discusses what Android is, its architecture, versions, advantages and disadvantages compared to iOS. The architecture section explains that Android is based on the Linux kernel and uses various open source libraries and frameworks. It also summarizes the main applications building blocks in Android like activities, intents, services and content providers. The document concludes by comparing some differences between Android and iOS like open source vs proprietary, supported features and customization options.
The document discusses Android testing, including:
- Android is an open-source operating system developed by Google and based on Linux. It allows developers to write applications using Java.
- The Android SDK provides tools for application development, including an emulator, debugger, and compiler. Developers can install and test apps on emulators or rooted devices.
- Key Android versions and their API levels are listed, along with tools for app installation, uninstallation, and debugging like ADB, DDMS, and the Android emulator.
Android is an open-source, Linux-based operating system used for mobile devices. It was developed by Google and the Open Handset Alliance. The goal was to improve the mobile experience for users. Key features include being open-source, allowing customization, and providing many applications. It uses the Dalvik virtual machine and core components include activities, views, intents, services, and content providers.
Developing for Windows Phone 8 and Windows 8 - Dave Bost
This document discusses cross-platform development between Windows 8 and Windows Phone 8. It outlines common APIs, structures, and strategies that can be used to build apps for both platforms, including portable class libraries, MVVM, and conditional compilation. Specifically, it shows how abstraction layers like ViewModels, shared base class libraries, and extension methods allow code to be reused while still supporting each platform's native controls and user experience conventions. The goal is to allow developers to build high quality, synchronized experiences across devices while accounting for differences in capabilities and form factors.
The document discusses Google Chrome OS, an open-source operating system based on Linux and cloud computing. It provides a brief history of Chrome OS, describing its initial release in 2009 and prototype hardware in 2010. The core features of Chrome OS are explained as instant boot times, cloud computing, a consistent experience across devices, and built-in security. Design goals and differences between Chrome OS, Windows, and Linux are also outlined. The document concludes with examples of Chrome OS apps and a discussion of advantages like security and disadvantages like lack of offline functionality.
This Presentation (Android) is prepared by me for Education Purpose. And be careful for Hyperlinks. There are so many Hyperlinks. Just click on them.
Thank You
Mr. SOM
The document provides an overview of the history and development of the Android operating system. It discusses how Android was founded in 2003 and later developed by Google. It describes the various versions of Android from 1.0 to the upcoming versions. It also outlines the key aspects of the Android architecture including its open source nature, use of Java and Linux kernel, and its layered design. Finally, it covers the features, advantages, disadvantages and security aspects of the Android platform.
Windows Mobile is a compact operating system that runs on mobile devices like Pocket PCs, smartphones, portable media centers and automotive computers. It is designed to resemble desktop versions of Windows. Third party software can be developed for Windows Mobile using languages like C# and Visual Basic in the Visual Studio IDE. While Windows Mobile provides connectivity options and security features, its interface has been criticized for the number of steps required to perform tasks. However, Microsoft continues improving Windows Mobile.
This document provides an overview of mobile application development with Android. It discusses what Android is, the Android software stack including the Linux kernel and libraries, and the different types of Android applications like foreground apps, background services, and widgets. It also covers the basic application components in Android like activities, services, content providers, and intents. Finally, it discusses some pre-installation requirements and considerations for Android development.
This PPT is designed to give you a high level overview of Android as a development platform. It provide introduction to what the Android operating system is, how we got here, what makes it fundamentally different than any other platform, and how to take advantage of its uniqueness. By the end of this course, you will have a complete understanding of the entire operating system, at a high level
Google Developer Group(GDG) DevFest Event 2012 Android talkImam Raza
This presentation is Imam Raza's tech talk on "Android" in Google Developer Group DevFest 2012 Event. In the event Mr. Imam Raza condemned recent blasphemy act of Google of not removing blasphemy video by saying "Shame on You". He also appreciated the efforts of minorities who stand with Muslim community on this issue.
He also read following Stanza from Allama Iqbal poem "Jawaab-e-Shikwa", in which Allah is answering to complains of Muslims to Him. In below stanza Allah is praising His prophet Mohammad (peace be upon him) and telling that this universe is made due His beloved prophet Mohammad (peace be upon him). In last part of stanza Allah tells Muslims that if they want to success in this world and there after then they have to make themselves loyal to Mohammad (peace be upon him).
ہو نہ یہ پھول تو بلبل کا ترنم بھی نہ ہو
چمن دہر میں کلیوں کا تبسم بھی نہ ہو
یہ نہ ساقی ہو تو پھر مے بھی نہ ہو،خم بھی نہ ہو
بزم توحید بھی دنیا میں نہ ہو، تم بھی نہ ہو
خیمہ افلاک کا استادة اسی نام سے ہے
نبض ہستی تپش امادة اسی نام سے ہے
دشت میں، دامن کہسارمیں،میدان میں ہے
بحر میں، موج کی ا غوش میں،طوفان میں ہے
چین کے شہر، مراقش کے بیابان میں ہے
اور پوشیدة مسلمان کے ایمان میں ہے
چشم اقوام یہ نظارة ابد تک دیکھے
رفعت شان رفعنالک ذکرک دیکھے
کی محمد سے وفا تو نے تو ہم تیرے ہیں
یہ جہاں چیز ہے کیا، لوح و قلم تیرے ہیں
The document discusses mobile software trends, including the history and convergence of mobile operating systems like Android, iOS, and Windows Phone. It summarizes key points about each platform and how the industry is shifting as mobile devices take on more traditional computer functions through powerful processors and "screen + experience" designs. The rise of virtualization technologies and cloud-based services are changing how mobile software is developed and delivered across a variety of devices.
Android is an open-source operating system developed by Google and the Open Handset Alliance. It allows developers to write managed code in Java and uses the Linux kernel. The first commercial version was released in 2008 and it has seen ongoing updates. Android is optimized for mobile devices and enables component reuse, replacement and multitasking. The software stack includes applications, an application framework, the Linux kernel, libraries and the Android runtime which includes the Dalvik Virtual Machine. Future versions aim to overcome limitations and expand possibilities.
This document provides an overview of Android technology, including:
- What Android is and its history as an open source operating system developed by Google and the Open Handset Alliance.
- The key components of the Android architecture including the Linux kernel, native libraries, runtime libraries, application framework, and applications.
- How to develop an Android app using Java and Kotlin, and some popular Android apps like Facebook, Instagram, and WhatsApp that have been downloaded billions of times.
- Android versions, features like being open, customizable and breaking down barriers for developers, and benefits like reusability and security from running each app in its own process.
2. if (slide == introduction)
System.out.println("I’m David Rook");
• Application Security Lead, Realex Payments, Dublin
CISSP, CISA, GCIH and many other acronyms
• Security Ninja (@securityninja)
• Speaker at developer and security conferences
• Microsoft Developer Security MVP
• SC Magazine Information Security Rising Star 2012
• Developed and released Agnitio and the WPAA
Friday, 7 September 2012
3. Agenda
• Smartphones and apps - big numbers, little security?
• Windows Phone 7 introduction
• Windows Phone 7 platform security
• Windows Phone 7 application security
4. Mobile device sales 2011
• Smartphones: 472 million (31%)
• Mobile: 1.3 billion (69%)
Source: http://www.gartner.com/it/page.jsp?id=1924314
5. Smartphone OS market share 2011
• Android: 51%
• iOS: 24%
• Symbian: 12%
• RIM: 9%
• Microsoft: 2%
Source: http://www.gartner.com/it/page.jsp?id=2120015
12. Smartphone OS market share 2011
• Microsoft has 1.9% of the smartphone market share
• Smaller market share than something called Bada
• Should I even continue with this talk about Windows Phone 7?
• Similar approach to Android with many devices available
• IDC predict that it will have 20% market share by 2015
• 20% is unlikely but its market share will increase in my opinion
14. Windows Phone 7 Introduction
• The smartphone from Microsoft
• First released in late 2010 with 7 updates since then
• Based on Windows Embedded Compact v6 and v7
• Minimum “tough but fair” hardware requirements
• Apps only available via the Windows Phone Marketplace
• Specifically aimed at the consumer market not enterprise
16. Windows Phone 7 Introduction
• .NET Compact Framework
• Version of the .NET framework for resource constrained devices
• Some of the same classes and some mobile specific ones
• Compiler translates your code into Intermediate Language
• Apps are JIT compiled and executed by the .NET CLR
• Only managed .NET code allowed in your apps*
18. Windows Phone 7 Introduction
• Windows Phone 7 Kernel Architecture
• 32bit OS that runs inside a 4GB virtual address space
• 2GB allocated to the kernel and 2GB to the executing process
• That isn’t quite true, the executing process only gets 1GB
• 1GB is for components commonly mapped into all processes
19. Windows Phone 7 Introduction
• Windows Phone 7 Kernel Architecture
[Diagram: kernel architecture layers]
• User Space: APPLICATIONS; TELSHELL.EXE, UDEVICES.EXE, SERVICESD.EXE, CPROG.EXE; COREDLL/WINSOCK/COMMCRL/WININET
• Kernel Space: kCoreDLL.DLL; KERNEL.DLL; FILESYS.DLL, Device.DLL, GWES, Network; OAL.EXE, FSDMGR.DLL, Drivers
• Hardware
20. Windows Phone 7 Introduction
[Diagram: virtual address space layout]
• Process Space (2GB): Process Code, User DLLs, Memory Mapped Files
• Kernel Space (2GB): GWES, Drivers, File System, Kernel
21. Windows Phone 7 Introduction
[Diagram: Process Memory (2GB)]
• Common across all processes: Shared System Heap (256MB), RAM Backed Mapfiles (256MB), Shared User DLLs (512MB)
• Private to each process: Process Space (1GB per process)
22. Windows Phone 7 Platform Security
• Windows Phone 7 Security Model
• Chambers concept to enforce app isolation and least privilege
• The chambers provide a security boundary to restrict the apps
• Four chambers and apps run in one of them
• Three chambers have fixed permission sets
• The fourth chamber is capabilities based
23. Windows Phone 7 Platform Security
[Diagram: the four chambers]
• Trusted Computing Base (TCB): fixed permissions
• Elevated Rights Chamber (ERC): fixed permissions
• Standard Rights Chamber (SRC): fixed permissions
• Least Privileged Chamber (LPC): capabilities based
24. Windows Phone 7 Platform Security
Trusted Computing Base (TCB)
• The kernel and kernel-mode drivers run in the TCB chamber
• Allows processes to have unrestricted access to most resources
• The TCB chamber can modify policy and enforce the security model
• Only Microsoft can add signed software to the TCB chamber
25. Windows Phone 7 Platform Security
Elevated Rights Chamber (ERC)
• User-mode drivers and services run in this chamber
• Can access all resources except security policy
• Intended for services and user-mode drivers
• Only Microsoft can add signed software to the ERC chamber
26. Windows Phone 7 Platform Security
Standard Rights Chamber (SRC)
• The default chamber for pre-installed MS and OEM applications
• Apps that do not provide device-wide services run in the SRC
27. Windows Phone 7 Platform Security
Least Privileged Chamber (LPC)
• The default chamber for all non-Microsoft applications
• Least Privileged Chambers are configured using capabilities
• Capabilities are listed in the application's WMAppManifest.xml file
28. Windows Phone 7 Platform Security
• Windows Phone 7 Application Capabilities
• Application capabilities are features that an app uses
• Apps request permission to access protected APIs during the deployment process
• Default app manifest file includes a list of all the capabilities*
• WP7 grants security permissions based on the contents of your WMAppManifest.xml file*
• Not everything your app does needs a capability defined
29. Windows Phone 7 Platform Security
• Windows Phone 7 Application Capabilities
• Capability checks are enforced at runtime
• Permission set for the app's LPC is created based on the capabilities
• Requests for other resources == UnauthorizedAccessException
• This exception occurs when the access is attempted, not when the app is executed
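An added example (not from the slides and not Microsoft tooling) of reviewing the capability list described above: it parses a WMAppManifest.xml, compares the declared capabilities with the ones the app is known to need, and reports over-declared entries and entries whose absence would surface as the runtime exception. The manifest is a constructed sample, and the `needed` set and the personal-data shortlist are the reviewer's assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the shape of a WP7 WMAppManifest.xml in which the
# template's broad capability list was never trimmed. ProductID and Title
# are made-up values.
SAMPLE_MANIFEST = """<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment" AppPlatformVersion="7.1">
  <App xmlns="" ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING"/>
      <Capability Name="ID_CAP_LOCATION"/>
      <Capability Name="ID_CAP_CONTACTS"/>
      <Capability Name="ID_CAP_MICROPHONE"/>
      <Capability Name="ID_CAP_IDENTITY_DEVICE"/>
      <Capability Name="ID_CAP_WEBBROWSERCOMPONENT"/>
    </Capabilities>
  </App>
</Deployment>"""

# Assumption: a reviewer's shortlist of capabilities that reach personal
# data or sensors. It is a review aid, not an official classification.
PERSONAL_DATA_CAPS = {
    "ID_CAP_LOCATION",
    "ID_CAP_CONTACTS",
    "ID_CAP_APPOINTMENTS",
    "ID_CAP_IDENTITY_DEVICE",
    "ID_CAP_IDENTITY_USER",
    "ID_CAP_MICROPHONE",
    "ID_CAP_ISV_CAMERA",
    "ID_CAP_MEDIALIB",
}


def _local(tag):
    """Return the element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def declared_capabilities(manifest_xml):
    """Return the capability names declared in the manifest, in file order."""
    # A manifest has no reason to carry a DTD; refusing one keeps
    # entity-expansion tricks out of the parser when reviewing untrusted apps.
    if "<!DOCTYPE" in manifest_xml.upper():
        raise ValueError("DOCTYPE not allowed in a manifest under review")
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter():
        # <Deployment> is namespaced and <App xmlns=""> is not, so match on
        # the local element name only.
        if _local(elem.tag) == "Capability":
            name = elem.get("Name", "").strip()
            if name and name not in names:
                names.append(name)
    return names


def audit(manifest_xml, needed):
    """Compare declared capabilities with the set the app actually needs.

    unused        -> declared but not needed: candidates for removal
    missing       -> needed but not declared: the protected API call would
                     fail with UnauthorizedAccessException when attempted
    personal_data -> declared capabilities on the reviewer's shortlist
    """
    declared = set(declared_capabilities(manifest_xml))
    return {
        "unused": sorted(declared - needed),
        "missing": sorted(needed - declared),
        "personal_data": sorted(declared & PERSONAL_DATA_CAPS),
    }


if __name__ == "__main__":
    # Assumption: the app only talks to its API, shows a map and receives
    # push notifications.
    needed = {"ID_CAP_NETWORKING", "ID_CAP_LOCATION", "ID_CAP_PUSH_NOTIFICATION"}
    for finding, caps in audit(SAMPLE_MANIFEST, needed).items():
        print(f"{finding}: {', '.join(caps) or '-'}")
```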
31. Windows Phone 7 Platform Security
• Windows Phone 7 Capabilities Detection Demo
32. Windows Phone 7 Platform Security
• Windows Phone 7 Application Signing
• Apart from developer unlocked devices apps must be signed
• Microsoft automatically signs approved apps
• Apps must have a valid Microsoft signature to be installed
34. Windows Phone 7 Platform Security
• Windows Phone 7 Application Sandboxing
• Apps execute within a restricted LPC as we saw earlier
• Cannot communicate with other apps on the phone
• Sandboxed apps aren’t allowed to run in the background
• No access to native code from within the sandbox
• All I/O operations are restricted to per app Isolated Storage
35. Windows Phone 7 Platform Security
• Windows Phone 7 Application Isolated Storage
• Per app Isolated Storage allows apps to keep data “private”
• Very similar to Isolated Storage in Silverlight
• No direct access to the file system
• No access to other apps' Isolated Storage
• Three different ways to use your app's Isolated Storage
39. Windows Phone 7 Application Security
• Windows Phone 7 Application Security
• Mobile application security introduces almost no new issues
• Forget about specific vulnerabilities for one minute
• Think about the root causes of vulnerabilities, I’ll give you a hand
• From that list what do you think the top 3 are?
• My top 3 are:
• Secure Storage
• Authentication and Authorisation
• Secure Resource Access/Privacy
40. Windows Phone 7 Application Security
• OWASP Top 10 Mobile Risks
• I compared the OWASP top 10 mobile risks to my list
• 50% Secure Storage/Secure Communications
• 20% Authentication and Authorisation
• 0% Privacy*
41. Windows Phone 7 Application Security
• OWASP Mobile Controls
• Lists the mobile app security controls you should implement
• I compared each control to the list I showed you, guess what?
• 26% Secure Storage
• 16% Secure Communications
• 16% Authentication and Authorisation
• 16% Secure Resource Access*
42. Windows Phone 7 Application Security
• My top 3 in the real world
• Secure Storage: Facebook, Citibank, LinkedIn, Google Wallet
• A&A: Foodspotting, Google Wallet, Google (multiple apps)
• SRA/Privacy: Path, Hipster, Ad Libraries
• This doesn’t mean we can ignore all of the other issues
43. Windows Phone 7 Application Security
• Preventing the top 3 in your WP7 apps
• I can’t cover every principle in this talk
• With that in mind I'm grouping them to make a "new" top 3
• Data Security - Secure Storage and Communications
• Authentication and Authorisation
• Data Access/Privacy
44. Windows Phone 7 Application Security
• Windows Phone 7 Data Security
• Never store data on the device if it really isn’t needed
• WP7 allows us to encrypt data and databases
• Only new databases can be encrypted, but it is very easy to do
• DPAPI is used for file/password/PIN etc. encryption
• No hashing available and no algorithm selection
45. Windows Phone 7 Application Security
• Windows Phone 7 Data Security
• The local database encryption is based on a password
• You create a DB in code and you must include the password
• The database is encrypted using AES-128
• The password is hashed using SHA-256
• An encrypted database can be created with two lines of code
46. Windows Phone 7 Application Security
// Create the data context, specify the database file location and password
DavesDataContext db = new DavesDataContext ("Data Source=isostore:/NinjaSecrets.sdf;Password=NinjaPassword");
// Create an encrypted database after confirming that it does not exist
if (!db.DatabaseExists()) db.CreateDatabase();
47. Windows Phone 7 Application Security
• Windows Phone 7 Data Security
• Saving data to an app's isolated storage is not secure
• If you want to encrypt data and not a DB, you use the DPAPI
• Use the System.Security.Cryptography.ProtectedData class
• Specifically the Protect() and Unprotect() methods
• Symmetric encryption (AES) used. Hashing isn’t possible
48. Windows Phone 7 Application Security
• Windows Phone 7 Data Security
• Every app on a WP7 phone gets its own encryption key
• DPAPI generates and securely stores this for you
• Calling Protect() or Unprotect() implicitly selects the app's key
• optionalEntropy parameter can be used to provide extra entropy
49. Windows Phone 7 Application Security
• Encrypted Data Code Sample
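An added example (not the sample from the original slide) that ties the two data security points together: a random database password is generated once, encrypted with ProtectedData.Protect(), and kept in the app's isolated storage instead of being hard-coded in the connection string. SecretStore, the file name and the entropy label are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;
// Added example. SecretStore, the file name and the entropy label are hypothetical.
public static class SecretStore
{
    private const string FileName = "dbpassword.bin";
    // Extra entropy mixed in with the per-app key; a purpose label, not a secret.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("db-password-v1");
    public static void Save(string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        byte[] blob = ProtectedData.Protect(plain, Entropy); // app key selected implicitly
        using (var store = IsolatedStorageFile.GetUserStoreForApplication())
        using (var file = store.OpenFile(FileName, FileMode.Create, FileAccess.Write))
            file.Write(blob, 0, blob.Length);
    }
    // Returns null when nothing is stored yet; Unprotect throws on an altered blob or wrong entropy.
    public static string Load()
    {
        byte[] blob;
        using (var store = IsolatedStorageFile.GetUserStoreForApplication())
        {
            if (!store.FileExists(FileName)) return null;
            using (var file = store.OpenFile(FileName, FileMode.Open, FileAccess.Read))
            {
                blob = new byte[file.Length];
                int read = 0, n;
                while (read < blob.Length && (n = file.Read(blob, read, blob.Length - read)) > 0)
                    read += n;
            }
        }
        byte[] plain = ProtectedData.Unprotect(blob, Entropy);
        return Encoding.UTF8.GetString(plain, 0, plain.Length);
    }
    // Random 256-bit database password, hex encoded so it is safe in a connection string.
    public static string GetOrCreateDbPassword()
    {
        string password = Load();
        if (password != null) return password;
        byte[] raw = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(raw);
        password = BitConverter.ToString(raw).Replace("-", "");
        Save(password);
        return password;
    }
}
```

The connection string from the earlier database sample would then end in "Password=" + SecretStore.GetOrCreateDbPassword() rather than a literal password compiled into the app.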
50. Windows Phone 7 Application Security
• Windows Phone 7 Data Security
• Secure Communications is a lot easier!
• Very little to do with the app code itself in my opinion
• More to do with good design and a good security code review!
• Data sent to web services, SQL Azure etc. needs protection
• No client-side SSL certs allowed and no VPN functionality
51. Windows Phone 7 Application Security
• Windows Phone 7 Authentication & Authorisation
• Not just talking about app logon or service authentication
• Specifically talking about access to data on the device
• Gaining the user's authorisation before accessing sensitive data
• This includes access to the user's contacts, SMS etc.
• I know we already "asked" in the WMAppManifest.xml file....
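An added example (not from the original slides) of asking the user at the point of use, on top of the capability declared in WMAppManifest.xml, and of handling the UnauthorizedAccessException the platform slides describe for an undeclared capability. ContactsGate and the "contactsConsent" settings key are hypothetical names; the code assumes it is called on the UI thread.

```csharp
using System;
using System.IO.IsolatedStorage;
using System.Windows;
using Microsoft.Phone.UserData;

// Added example. ContactsGate and the "contactsConsent" key are hypothetical names.
public class ContactsGate
{
    private const string ConsentKey = "contactsConsent";

    // Ask in the app's own words and remember a "yes"; a "no" is asked again next time.
    public static bool HasConsent()
    {
        var settings = IsolatedStorageSettings.ApplicationSettings;
        bool granted;
        if (settings.TryGetValue(ConsentKey, out granted) && granted) return true;
        granted = MessageBox.Show(
            "Allow this app to read your contacts to find friends?",
            "Contacts access", MessageBoxButton.OKCancel) == MessageBoxResult.OK;
        if (granted)
        {
            settings[ConsentKey] = true;
            settings.Save();
        }
        return granted;
    }

    public void LoadContacts(Action<int> onLoaded, Action<string> onDenied)
    {
        if (!HasConsent()) { onDenied("User declined contacts access."); return; }
        try
        {
            var contacts = new Contacts();
            contacts.SearchCompleted += (sender, e) =>
            {
                int count = 0;
                foreach (Contact c in e.Results) count++;
                onLoaded(count);
            };
            contacts.SearchAsync(String.Empty, FilterKind.None, null);
        }
        catch (UnauthorizedAccessException)
        {
            // Raised when the access is attempted, not at launch, if ID_CAP_CONTACTS
            // is missing from WMAppManifest.xml.
            onDenied("Contacts capability is not declared in WMAppManifest.xml.");
        }
    }
}
```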
52. Windows Phone 7 Application Security
• Windows Phone 7 Data Access/Privacy
• Another one which isn’t platform/framework specific
• Understand the data accessed by third party libraries
• Create a privacy policy covering personal data and stick to it!
• Don’t store historical data on the device beyond the required time
• Audit app communications to check for data leaks
53. Windows Phone 8 Security
• The good things
• Shared Windows Core (NT Kernel on a phone)
• Secure boot and BitLocker on by default
• Enterprise app deployment/management functionality
• OTA updates for all phones for at least 18 months
54. Windows Phone 8 Security
• The potentially bad things
• Shared Windows Core (NT Kernel on a phone)
• NFC and Wallet Hub
• Native C and C++ code now available to everyone
• Micro SD card support but with no BitLocker support
55. Application Security Workshop
• Free Application Security Workshop at Realex
• 27th September in our Dublin office
• Secure coding: why and how
• Think like a pen tester
• Security focused code reviews