SlideShare a Scribd company logo

Praetorian Veracode Webinar - Mobile Privacy

Tyler Shields
Tyler Shields

The document discusses mobile application security risks and recommendations. It summarizes the OWASP Mobile Top 10 security risks, describes how static analysis can reveal vulnerabilities without executing code, and analyzes results from analyzing over 53,000 Android applications. Key findings include the high percentage of applications requesting permissions for location, contacts, and SMS/calling functions. Many applications shared third-party libraries for advertising and analytics. The document recommends users carefully review an app's permissions and author before installing and to use security monitoring applications.

1 of 25
OWASP Mobile Top 10 List 1. Insecure or unnecessary client-side data storage 2. Lack of data protection in transit 3. Personal data leakage 4. Failure to protect resources with strong authentication 5. Failure to implement least privilege authorization policy 6. Client-side injection 7. Client-side DOS 8. Malicious third-party code 9. Client-side buffer overflow 10. Failure to apply server-side controls
• • • • • •
Static Analysis  Analysis of software performed without actually executing the program  Full coverage of the entire source or binary  In theory, having full application knowledge can reveal a wider range of bugs and vulnerabilities than the “trial and error” of dynamic analysis  Impossible to identify vulnerabilities based on system configuration that exist only in the deployment environment
Entire contents © 2011 Praetorian. All rights reserved. | Information Security Provider and Research Center | www.praetorian.com
Pervasive Permissions: Where They Come From & Why Users Accept Them Ryan W Smith Senior Security Researcher 11 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Android’s Open App Model • Low barrier to entry • Apps hosted and installed from anywhere • All apps are created equal • No distinction between core apps and 3rd party apps • Accept apps based on: 1. Trust of the source 2. Permissions requested 12 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Examples of Android Malware SMS Trojan – SMS based propagation – Link to site hosting rogue app for “free movie player” – Sends 2 Premium SMS messages to a Kazakhstan number (about $5 per message) Gemeni – Repackaged apps in Chinese market – Sex positions and MonkeyJump2 are known examples – Bot-like capabilities, with unknown impact or purpose Droid Dream – Approx. 50 Malicious apps in official market – Contained several sensitive exhilaration capabilities 13 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Praetorian’s Mobile Analyst Project (MAP) Phase 1: Scalable Tailored App Analysis Framework (STAAF) Goal: To aide an analyst’s investigation of a large number of applications Current Capabilities:  Extract permissions and other attributes  Analyze the application’s code using several methods  Gather high level trends, patterns, and statistics from extracted data 14 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Initial Results :: Permissions Requests 53,000 Applications Analyzed  Android Market: ~48,000  3rd Party Markets: ~5,000 Permissions Requested  Average: 3  Most Requested: 117 Top “Interesting” Permissions  GPS information: 24% (11,929)  Read Contacts: 8% (3,626)  Send SMS: 4% (1,693)  Receive SMS: 3% (1262)  Record Audio: 2% (1100)  Read SMS: 2% (832)  Process Outgoing Calls: 1% (323)  Use Credentials : 0.5% (248) 15 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Who Wants to Know? Ad/Marketing Networks Social Gaming Networks 16 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Initial Results :: Shared Libraries 52,000 Applications Analyzed  Android Market: ~48,000  3rd Party Markets: ~5,000 Third Party Libraries  Total Third Party Libraries: ~83,000  Top Shared Libraries  com.admob 38% (18,426 apps )  org.apache 8% ( 3,684 apps )  com.google.android 6% ( 2,838 apps )  com.google.ads 6% ( 2,779 apps )  com.flurry 6% ( 2,762 apps )  com.mobclix 4% ( 2,055 apps )  com.millennialmedia 4% ( 1,758 apps)  com.facebook 4% ( 1,707 apps) 17 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Do You User, Take Thee Permissions?  YOUR PERSONAL INFORMATION  READ CONTACT DATA  NETWORK COMMUNICATION  FULL INTERNET ACCESS  NETWORK COMMUNICATION  VIEW NETWORK STATE  SYSTEM TOOLS  PREVENT DEVICE FROM SLEEPING  PHONE CALLS  READ PHONE STATE AND IDENTITY  HARDWARE CONTROLS  CONTROL VIBRATOR  SERVICES THAT COST YOU MONEY  SEND SMS MESSAGES 18 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
What Really Happens? “Given a choice between dancing pigs and security, users will pick dancing pigs every time.” - Bruce Schneier 19 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Numbers Can Be Deceiving zsones & Droid Dream SMS Replicator Fake Security Tool Gemeni SMS Trojan 20 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
If You See Something, Say Something! Recommendations going forward 1. Carefully review the app, the permissions requested, the author, and be judicious 2. Support third party initiatives to monitor app markets proactively 3. Run security monitoring applications on your Android device 4. Visit Praetorian.com for more information on mobile security services 21 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Whitelisting • Conduct static analysis of candidate applications • Create a whitelist • Use an unbiased 3rd party • Enforcement via mobile policy
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy

Recommended

IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
Tyler Shields
 
News Bytes - December 2012
News Bytes - December 2012News Bytes - December 2012
News Bytes - December 2012
n|u - The Open Security Community
 
Botnet
BotnetBotnet
Botnet
lokenra
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
Tyler Shields
 
Report of android hacking
Report of android hackingReport of android hacking
Report of android hacking
div2345
 
Computer security
Computer securityComputer security
Computer security
Dhani Ahmad
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
ipspat
 
Cscu module 04 data encryption
Cscu module 04 data encryptionCscu module 04 data encryption
Cscu module 04 data encryption
Alireza Ghahrood
 

Recommended

IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
Tyler Shields
 
News Bytes - December 2012
News Bytes - December 2012News Bytes - December 2012
News Bytes - December 2012
n|u - The Open Security Community
 
Botnet
BotnetBotnet
Botnet
lokenra
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
Tyler Shields
 
Report of android hacking
Report of android hackingReport of android hacking
Report of android hacking
div2345
 
Computer security
Computer securityComputer security
Computer security
Dhani Ahmad
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
ipspat
 
Cscu module 04 data encryption
Cscu module 04 data encryptionCscu module 04 data encryption
Cscu module 04 data encryption
Alireza Ghahrood
 
Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
Aviva Spectrum™
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
Yury Chemerkin
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
n|u - The Open Security Community
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issues
Christian Spolaore
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
SytelReplyUK
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
DATA SECURITY SOLUTIONS
 
Raimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksRaimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacks
Graeme Wood
 
Cscu module 07 securing network connections
Cscu module 07 securing network connectionsCscu module 07 securing network connections
Cscu module 07 securing network connections
Alireza Ghahrood
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
Lookout
 
Covert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakageCovert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakage
LeMeniz Infotech
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
Sejahtera Affif
 
P01761113118
P01761113118P01761113118
P01761113118
IOSR Journals
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aBright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Mark Henshaw
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
iosrjce
 
Green Security
Green SecurityGreen Security
Green Security
Shahar Geiger Maor
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
Gaurav Srivastav
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Security
sumit saurav
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
Gregory Hanis
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Netpluz Asia Pte Ltd
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
Tyler Shields
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...Tyler Shields
 

More Related Content

What's hot

Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
Aviva Spectrum™
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
Yury Chemerkin
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
n|u - The Open Security Community
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issues
Christian Spolaore
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
SytelReplyUK
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
DATA SECURITY SOLUTIONS
 
Raimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksRaimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacks
Graeme Wood
 
Cscu module 07 securing network connections
Cscu module 07 securing network connectionsCscu module 07 securing network connections
Cscu module 07 securing network connections
Alireza Ghahrood
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
Lookout
 
Covert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakageCovert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakage
LeMeniz Infotech
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
Sejahtera Affif
 
P01761113118
P01761113118P01761113118
P01761113118
IOSR Journals
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aBright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Mark Henshaw
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
iosrjce
 
Green Security
Green SecurityGreen Security
Green Security
Shahar Geiger Maor
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
Gaurav Srivastav
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Security
sumit saurav
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
Gregory Hanis
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Netpluz Asia Pte Ltd
 

What's hot (20)

Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issues
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
 
Raimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksRaimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacks
 
Cscu module 07 securing network connections
Cscu module 07 securing network connectionsCscu module 07 securing network connections
Cscu module 07 securing network connections
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
Covert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakageCovert compositional analysis of android inter app permission leakage
Covert compositional analysis of android inter app permission leakage
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
 
P01761113118
P01761113118P01761113118
P01761113118
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aBright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
 
Green Security
Green SecurityGreen Security
Green Security
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Security
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™
 

Viewers also liked

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
Tyler Shields
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...Tyler Shields
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
Tyler Shields
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile Device
Tyler Shields
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
Tyler Shields
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Tyler Shields
 
Del Garabateo A La Escritura Convencional
Del Garabateo A La Escritura ConvencionalDel Garabateo A La Escritura Convencional
Del Garabateo A La Escritura Convencional
guest57e31527
 

Viewers also liked (7)

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile Device
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
 
Del Garabateo A La Escritura Convencional
Del Garabateo A La Escritura ConvencionalDel Garabateo A La Escritura Convencional
Del Garabateo A La Escritura Convencional
 

Similar to Praetorian Veracode Webinar - Mobile Privacy

CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
Jose L. Quiñones-Borrero
 
Udi and juniper networks BYOD
Udi and juniper networks BYODUdi and juniper networks BYOD
Udi and juniper networks BYOD
stefriche0199
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
Praetorian
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
Yury Chemerkin
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
Forcepoint LLC
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Lancope, Inc.
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Tripwire
 
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?
lorzinian
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Abhinav Biswas
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Mark Evertz
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
Michael Davis
 
Junos Pulse Mobile Security Suite Launch
Junos Pulse Mobile Security Suite LaunchJunos Pulse Mobile Security Suite Launch
Junos Pulse Mobile Security Suite Launch
Juniper Networks
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Cengage Learning
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
frcarlson
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation tools
Venkata Sreeram
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
Mobile Apps Security
Mobile Apps SecurityMobile Apps Security
Mobile Apps Security
Xavier Mertens
 

Similar to Praetorian Veracode Webinar - Mobile Privacy (20)

CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
 
Udi and juniper networks BYOD
Udi and juniper networks BYODUdi and juniper networks BYOD
Udi and juniper networks BYOD
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
 
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
 
Junos Pulse Mobile Security Suite Launch
Junos Pulse Mobile Security Suite LaunchJunos Pulse Mobile Security Suite Launch
Junos Pulse Mobile Security Suite Launch
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation tools
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
Mobile Apps Security
Mobile Apps SecurityMobile Apps Security
Mobile Apps Security
 

More from Tyler Shields

Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Tyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Tyler Shields
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Tyler Shields
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
Tyler Shields
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
Tyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
Tyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
Tyler Shields
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
Tyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
Tyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
Tyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
Tyler Shields
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
Tyler Shields
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
Tyler Shields
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Tyler Shields
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The Berries
Tyler Shields
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
Tyler Shields
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIR
Tyler Shields
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-Debugging
Tyler Shields
 
CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101
Tyler Shields
 

More from Tyler Shields (20)

Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The Berries
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIR
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-Debugging
 
CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101
 

Recently uploaded

Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 

Recently uploaded (20)

Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 

Praetorian Veracode Webinar - Mobile Privacy

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. OWASP Mobile Top 10 List 1. Insecure or unnecessary client-side data storage 2. Lack of data protection in transit 3. Personal data leakage 4. Failure to protect resources with strong authentication 5. Failure to implement least privilege authorization policy 6. Client-side injection 7. Client-side DOS 8. Malicious third-party code 9. Client-side buffer overflow 10. Failure to apply server-side controls
  • 7. • • • • •
  • 8.
  • 9. Static Analysis  Analysis of software performed without actually executing the program  Full coverage of the entire source or binary  In theory, having full application knowledge can reveal a wider range of bugs and vulnerabilities than the “trial and error” of dynamic analysis  Impossible to identify vulnerabilities based on system configuration that exist only in the deployment environment
  • 10. Entire contents © 2011 Praetorian. All rights reserved. | Information Security Provider and Research Center | www.praetorian.com
  • 11. Pervasive Permissions: Where They Come From & Why Users Accept Them Ryan W Smith Senior Security Researcher 11 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 12. Android’s Open App Model • Low barrier to entry • Apps hosted and installed from anywhere • All apps are created equal • No distinction between core apps and 3rd party apps • Accept apps based on: 1. Trust of the source 2. Permissions requested 12 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 13. Examples of Android Malware SMS Trojan – SMS based propagation – Link to site hosting rogue app for “free movie player” – Sends 2 Premium SMS messages to a Kazakhstan number (about $5 per message) Gemeni – Repackaged apps in Chinese market – Sex positions and MonkeyJump2 are known examples – Bot-like capabilities, with unknown impact or purpose Droid Dream – Approx. 50 Malicious apps in official market – Contained several sensitive exhilaration capabilities 13 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 14. Praetorian’s Mobile Analyst Project (MAP) Phase 1: Scalable Tailored App Analysis Framework (STAAF) Goal: To aide an analyst’s investigation of a large number of applications Current Capabilities:  Extract permissions and other attributes  Analyze the application’s code using several methods  Gather high level trends, patterns, and statistics from extracted data 14 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 15. Initial Results :: Permissions Requests 53,000 Applications Analyzed  Android Market: ~48,000  3rd Party Markets: ~5,000 Permissions Requested  Average: 3  Most Requested: 117 Top “Interesting” Permissions  GPS information: 24% (11,929)  Read Contacts: 8% (3,626)  Send SMS: 4% (1,693)  Receive SMS: 3% (1262)  Record Audio: 2% (1100)  Read SMS: 2% (832)  Process Outgoing Calls: 1% (323)  Use Credentials : 0.5% (248) 15 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 16. Who Wants to Know? Ad/Marketing Networks Social Gaming Networks 16 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 17. Initial Results :: Shared Libraries 52,000 Applications Analyzed  Android Market: ~48,000  3rd Party Markets: ~5,000 Third Party Libraries  Total Third Party Libraries: ~83,000  Top Shared Libraries  com.admob 38% (18,426 apps )  org.apache 8% ( 3,684 apps )  com.google.android 6% ( 2,838 apps )  com.google.ads 6% ( 2,779 apps )  com.flurry 6% ( 2,762 apps )  com.mobclix 4% ( 2,055 apps )  com.millennialmedia 4% ( 1,758 apps)  com.facebook 4% ( 1,707 apps) 17 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 18. Do You User, Take Thee Permissions?  YOUR PERSONAL INFORMATION  READ CONTACT DATA  NETWORK COMMUNICATION  FULL INTERNET ACCESS  NETWORK COMMUNICATION  VIEW NETWORK STATE  SYSTEM TOOLS  PREVENT DEVICE FROM SLEEPING  PHONE CALLS  READ PHONE STATE AND IDENTITY  HARDWARE CONTROLS  CONTROL VIBRATOR  SERVICES THAT COST YOU MONEY  SEND SMS MESSAGES 18 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 19. What Really Happens? “Given a choice between dancing pigs and security, users will pick dancing pigs every time.” - Bruce Schneier 19 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 20. Numbers Can Be Deceiving zsones & Droid Dream SMS Replicator Fake Security Tool Gemeni SMS Trojan 20 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 21. If You See Something, Say Something! Recommendations going forward 1. Carefully review the app, the permissions requested, the author, and be judicious 2. Support third party initiatives to monitor app markets proactively 3. Run security monitoring applications on your Android device 4. Visit Praetorian.com for more information on mobile security services 21 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 22.
  • 23. Whitelisting • Conduct static analysis of candidate applications • Create a whitelist • Use an unbiased 3rd party • Enforcement via mobile policy