The document summarizes some of the key announcements from Google IO 2015 about Android. It discusses the new Android Design Support Library which provides material design components to all developers. It also covers the new permission model in Android M which requires users to grant permissions at runtime, and best practices for requesting permissions. Another section explains Doze mode in Android M which restricts apps' access when the device is unplugged and idle. The document concludes by briefly mentioning other changes like the removal of the Apache HTTP client and new APIs for app invites and tracking search performance.
This document discusses various techniques for exploiting Android devices, including injecting JavaScript code to install malware, tricking users into downloading malicious updates, abusing permissions to gain access to private data like contacts and location, and extracting user data like passwords through physical access to the device. It provides examples of exploiting vulnerabilities in apps to escalate privileges and infiltrate user accounts.
Dev Dives: Master advanced authentication and performance in Productivity Act...
UiPathCommunity
Are you using Microsoft 365 or Google Workspace? Are you curious to learn advanced authentication setups and batching capabilities? This webinar is for you.
Discover how to:
- Understand which Authentication type (Delegated/Application) best fits your requirements.
- Explore the advantages of the new Google Workspace scope.
- Differentiate between Integration Service Connection and the new Google Workspace scope.
- Learn the process of configuring Microsoft 365 Scope using the Asset Method.
- Determine the necessary Scopes for your automation needs.
️🗣️ Speakers:
Alexandru Crijman, Product Manager, UiPath
Nisarg Kadam, UiPath MVP 2024 & AI Ambassador, UiPath
📩 Useful resources:
JSON format for Asset Creation:
https://docs.uipath.com/activities/other/latest/productivity/how-to-use-microsoft-activities-integration-service#microsoft-office-365-scope-asset
How to create Azure App with Restricted SharePoint Site Access: https://view.highspot.com/viewer/6605801c6ff9043b514449e3
⏩ Register for our upcoming Dev Dives April session: Streamline document processing with UiPath Studio Web
EMEA&APJ: https://bit.ly/Dev_Dives_April_EMEA_APJ
AMER: https://bit.ly/Dev_Dives_April_AMER
This session was streamed live on March 28, 2024.
Check out all our upcoming Dev Dives 2024 sessions at:
🚩https://bit.ly/Dev_Dives_2024
Android Permissions Demystified
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner
University of California, Berkeley
{apf, emc, sch, dawnsong, daw}@cs.berkeley.edu
ABSTRACT
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Categories and Subject Descriptors
D.2.5 [Software Engineering]: Testing and Debugging;
D.4.6 [Operating Systems]: Security and Protection
General Terms
Security
Keywords
Android, permissions, least privilege
1. INTRODUCTION
Android’s unrestricted application market and open source have made it a popular platform for third-party applications. As of 2011, the Android Market includes more applications than the Apple App Store [10]. Android supports third-party development with an extensive API that provides applications with access to phone hardware (e.g., the camera), WiFi and cellular networks, user data, and phone settings.
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that copies
bear this notice and the full citation on the first page. To copy otherwise, to
republish, to post on servers or to redistribute to lists, requires prior specific
permission and/or a fee.
CCS’11, October 17–21, 2011, Chicago, Illinois, USA.
Copyright 2011 ACM 978-1-4503-0948-6/11/10 ...$10.00.
Access to privacy- and security-relevant parts of Android’s rich API is controlled by an install-time application permission system. Each application must declare upfront what permissions it requires, and the user is notified during installation about what permissions it will receive. If a user does not want to grant a permission to an application, he or she can cancel the installation process.
Install-time permissions can provide users with control over their privacy and reduce the impact of bugs and vulnerabilities in applications. However, an install-time permission system is ineffective if developers routinely request more perm.
This document discusses the Android permission system. It begins by introducing application sandboxes and the need for permissions to access resources outside the sandbox. It then covers the different types of permissions, how to check for and request permissions, and how the Android system handles permission requests and responses. Key points include how permissions are evaluated, the difference between normal and dangerous permissions, and methods for checking and requesting permissions like checkSelfPermission() and requestPermissions().
This document discusses the Android permission system. It begins by introducing application sandboxes and the need for permissions to access resources outside the sandbox. It then covers the different types of permissions, how to check for and request permissions, and how the Android system handles permission requests and responses. Key points include how permissions are classified, the lifecycle of requesting and handling permission responses, and considerations for permission rationales when a user has previously denied a request.
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
This document summarizes key topics from Part 2 of a course on analyzing Android applications, including code signing, application permissions, the application sandbox model, and filesystem encryption. It discusses how Android validates application signatures but does not verify certificates are from a trusted authority. It also describes the different permission protection levels and limitations of the application sandbox and filesystem encryption.
The document discusses Android security principles, permissions, and application signing. It describes how Android enforces security at the process level using Linux features and provides additional security through a permission mechanism. No application has default permission to perform operations that could harm other apps, the OS, or user. An app must explicitly declare any permissions it needs for additional capabilities. Permissions are declared in the app's manifest and granted at install time based on the app's certificate. The permissions an app requests cannot change after installation.
The document summarizes key aspects of the security model for Android applications. It discusses code signing with digital certificates, the permission model and levels of permission protection, the application sandbox design, and filesystem encryption. It also notes some limitations, such as vulnerabilities in code signing, ways for malicious apps to obtain permissions, and that encryption only protects data at rest and not during execution.
This document provides an overview of Android security. It discusses Android's architecture including activities, services, content providers and broadcast receivers. It then covers Android security features like application sandboxing, application signing, and Android's permission model. It provides examples of how these components and security features work together in a sample Android application for tracking friends' locations. It also discusses how applications can programmatically enforce permissions and how application components interact through intents.
This document discusses Android permissions, including what permissions are, different permission levels (normal, dangerous, signature, signatureOrSystem), how to define and request permissions in the manifest file, how permissions are granted at install time and in runtime in Android M and later, and how permission enforcement works at the kernel, Java component, and native daemon levels. It also covers defining custom permissions in an APK manifest, permission conflicts, and revoking permissions in runtime.
Android M - Runtime Permissions | Getting ready for Marshmallow
Umair Vatao
This document discusses the new runtime permissions model in Android Marshmallow. Key points include:
- Apps now request permissions at runtime when the associated feature is needed rather than during install. This improves privacy and reduces permission friction.
- Legacy apps still request permissions at install but users can revoke permissions. Apps won't crash without permissions but may return no data.
- Best practices include only requesting minimal permissions upfront and checking permissions before each use rather than caching results.
Every new Android version introduces changes and improvements. Even if you're targeting an older Android version in your application, you need to understand what trajectory the OS is following to be prepared. This presentation is targeting enterprise mobility developers.
The document discusses permissions in Android security and outlines 3 main threats: permission re-delegation, over-privileged apps, and permission inheritance. It then describes 11 proposed solutions to these threats, categorizing each solution by type (system modification, Android service, or non-Android app), implementation level (system, app, or separate system), and running mode (static or dynamic). Finally, it notes areas for future work, such as combining solutions and evaluating solutions based on factors like performance and complexity.
The document discusses securing Android applications. It covers the Android architecture, permissions model, data storage, content providers, networking, SQLite encryption, static analysis, and obfuscation. The key topics are the Dalvik VM, sandbox model, permissions, signing applications, minimizing permissions, HTTPS for networking, SQLite encryption, Lint for static analysis, and Proguard for obfuscation.
This document discusses Android security and hacking techniques. It covers the Android architecture including its use of Linux kernels and Java libraries. It describes Android's permission model and how apps are sandboxed. It discusses techniques for hacking Android like rooting devices, decompiling apps, intercepting network traffic, and exploiting intents. It also covers ways attackers can leak information and how to mitigate security risks.
The incorporation of Security-Enhanced Linux in Android (SEAndroid) is an important security enhancement to the platform.
Android is built on top of the Linux kernel, with a collection of traditional and customized Linux libraries and daemons.
....
Cloud Foundry UAA as an Identity Gateway
VMware Tanzu
SpringOne Platform 2017
Sree Tummidi, Pivotal
"In this session we will cover the capabilities of Cloud Foundry’s UAA which make it apt to be used as an identity gateway for both ingress and egress security patterns.
We will take a closer look at how UAA’s multi-tenancy can be leveraged to expose it as an Identity Service using the Cloud Foundry service broker pattern. This greatly reduces the burden on the developers looking to secure their apps & microservices running on Cloud Foundry.
Finally we will provide an identity vision which includes the use of side-cars like Spring Cloud Gateway and Envoy as lightweight identity proxies, reducing the burden on the App Developers in terms of enabling client side support for identity protocols like OAuth, OpenID Connect and SAML."
OAuth 2.0 is an open standard for authorization that allows third-party applications to securely access private user data from APIs, without requiring the user to share their username and password. It specifies a process for users to authorize applications to access their data on other servers, issuing access tokens that applications can use to make API requests on the user's behalf. OAuth addresses issues with passwords by allowing temporary, limited access without exposing user credentials.
This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.
A Framework for Providing Selective Permissions to Android Applications
IOSR Journals
This document proposes a framework for providing selective permissions in the Android operating system. It begins with an introduction to the Android application model and permissions system. It then describes related work on more fine-grained permission systems. The proposed framework would collect the permissions an app requests at installation, map them to runtime permission requests, and notify the user if extra permissions are requested. It provides class and mathematical models of the framework's components and functions. The framework aims to detect potentially malicious apps requesting unexpected permissions and delay their access to resources until the user is notified and approves.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CloudIDSummit
John DaSilva, Identity Architect, Ping Identity
Brian Campbell, Portfolio Architect, Ping Identity
If you asked yourself the question, "What is OAuth and will it solve my mobile device SSO headaches?” then this is the session for you! In this bootcamp, you will learn the basic foundations of OAuth, the drivers (the “why”) behind it, the use cases, the protocol flow and basic terminology. Once we have a basic understanding of OAuth, we will explore various implementation strategies for OAuth 2.0. We’ll dissect the Web Server, User Agent and Native Application use cases, and describe how to configure OAuth in PingFederate Authorization Server. We will even take a look at the up and coming OpenID Connect specification. Bring your laptop; a configuration of PingFederate that you can set up and temporary product licenses will be supplied.
The document discusses 7 common mistakes, or "deadly sins", that developers make when building applications that integrate with Azure Active Directory (Azure AD). Each section describes a scenario where a fictional developer named Bob implements a suboptimal solution to a requirement, explains the security flaw in Bob's approach, and provides guidance on how to implement it securely. The document is intended to demonstrate common pitfalls to avoid when using Azure AD for authentication and authorization.
This document discusses attacking Android application components and exploiting insecure communications. It describes how application components like activities, services, and content providers can be vulnerable if not properly secured. Specific vulnerabilities discussed include insecure content providers exposing private data, SQL injection in content provider queries, abusing started services, exploiting insecure bound services, and intent sniffing from unprotected broadcast receivers. Examples are provided of exploiting these vulnerabilities in the Open Sieve Android app.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
This document summarizes key topics from Part 2 of a course on analyzing Android applications, including code signing, application permissions, the application sandbox model, and filesystem encryption. It discusses how Android validates application signatures but does not verify certificates are from a trusted authority. It also describes the different permission protection levels and limitations of the application sandbox and filesystem encryption.
The document discusses Android security principles, permissions, and application signing. It describes how Android enforces security at the process level using Linux features and provides additional security through a permission mechanism. No application has default permission to perform operations that could harm other apps, the OS, or user. An app must explicitly declare any permissions it needs for additional capabilities. Permissions are declared in the app's manifest and granted at install time based on the app's certificate. The permissions an app requests cannot change after installation.
The document summarizes key aspects of the security model for Android applications. It discusses code signing with digital certificates, the permission model and levels of permission protection, the application sandbox design, and filesystem encryption. It also notes some limitations, such as vulnerabilities in code signing, ways for malicious apps to obtain permissions, and that encryption only protects data at rest and not during execution.
This document provides an overview of Android security. It discusses Android's architecture including activities, services, content providers and broadcast receivers. It then covers Android security features like application sandboxing, application signing, and Android's permission model. It provides examples of how these components and security features work together in a sample Android application for tracking friends' locations. It also discusses how applications can programmatically enforce permissions and how application components interact through intents.
This document discusses Android permissions, including what permissions are, different permission levels (normal, dangerous, signature, signatureOrSystem), how to define and request permissions in the manifest file, how permissions are granted at install time and in runtime in Android M and later, and how permission enforcement works at the kernel, Java component, and native daemon levels. It also covers defining custom permissions in an APK manifest, permission conflicts, and revoking permissions in runtime.
Android M - Runtime Permissions | Getting ready for MarshmallowUmair Vatao
This document discusses the new runtime permissions model in Android Marshmallow. Key points include:
- Apps now request permissions at runtime when the associated feature is needed rather than during install. This improves privacy and reduces permission friction.
- Legacy apps still request permissions at install but users can revoke permissions. Apps won't crash without permissions but may return no data.
- Best practices include only requesting minimal permissions upfront and checking permissions before each use rather than caching results.
Every new Android version introduces changes and improvements. Even if you're targeting an older Android version in your application, you need to understand what is the trajectory that the OS in following to be prepared. This presentation is targeting the enterprise mobility developers.
The document discusses permissions in Android security and outlines 3 main threats: permission re-delegation, over-privileged apps, and permission inheritance. It then describes 11 proposed solutions to these threats, categorizing each solution by type (system modification, Android service, or non-Android app), implementation level (system, app, or separate system), and running mode (static or dynamic). Finally, it notes areas for future work, such as combining solutions and evaluating solutions based on factors like performance and complexity.
The document discusses securing Android applications. It covers the Android architecture, permissions model, data storage, content providers, networking, SQLite encryption, static analysis, and obfuscation. The key topics are the Dalvik VM, sandbox model, permissions, signing applications, minimizing permissions, HTTPS for networking, SQLite encryption, Lint for static analysis, and Proguard for obfuscation.
This document discusses Android security and hacking techniques. It covers the Android architecture including its use of Linux kernels and Java libraries. It describes Android's permission model and how apps are sandboxed. It discusses techniques for hacking Android like rooting devices, decompiling apps, intercepting network traffic, and exploiting intents. It also covers ways attackers can leak information and how to mitigate security risks.
The incorporation of Security-Enhanced Linux in Android (SEAndroid) is an important security enhancement to the platform.
Android is built on top of the Linux kernel, with a collection of traditional and customized Linux libraries and daemons.
....
Cloud Foundry UAA as an Identity GatewayVMware Tanzu
SpringOne Platform 2017
Sree Tummidi, Pivotal
"In this session we will cover the capabilities of Cloud Foundry’s UAA which make it apt to be used as an identity gateway for both ingress and egress security patterns.
We will take a closer look at how UAA’s multi-tenancy can be leveraged to expose it as an Identity Service using the Cloud Foundry service broker pattern. This greatly reduces the burden on the developers looking to secure their apps & microservices running on Cloud Foundry.
Finally we will provide an identity vision which includes the use of side-cars like Spring Cloud Gateway and Envoy as lightweight identity proxies, reducing the burden on the App Developers in terms of enabling client side support for identity protocols like OAuth, OpenID Connect and SAML."
OAuth 2.0 is an open standard for authorization that allows third-party applications to securely access private user data from APIs, without requiring the user to share their username and password. It specifies a process for users to authorize applications to access their data on other servers, issuing access tokens that applications can use to make API requests on the user's behalf. OAuth addresses issues with passwords by allowing temporary, limited access without exposing user credentials.
This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.
A Framework for Providing Selective Permissions to Android ApplicationsIOSR Journals
This document proposes a framework for providing selective permissions in the Android operating system. It begins with an introduction to the Android application model and permissions system. It then describes related work on more fine-grained permission systems. The proposed framework would collect the permissions an app requests at installation, map them to runtime permission requests, and notify the user if extra permissions are requested. It provides class and mathematical models of the framework's components and functions. The framework aims to detect potentially malicious apps requesting unexpected permissions and delay their access to resources until the user is notified and approves.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe... (CloudIDSummit)
John DaSilva, Identity Architect, Ping Identity
Brian Campbell, Portfolio Architect, Ping Identity
If you asked yourself the question, "What is OAuth and will it solve my mobile device SSO headaches?" then this is the session for you! In this bootcamp, you will learn the basic foundations of OAuth, the drivers (the “why”) behind it, the use cases, the protocol flow and basic terminology. Once we have a basic understanding of OAuth, we will explore various implementation strategies for OAuth 2.0. We’ll dissect the Web Server, User Agent and Native Application use cases, and describe how to configure OAuth in PingFederate Authorization Server. We will even take a look at the up-and-coming OpenID Connect specification. Bring your laptop; a configuration of PingFederate that you can set up and temporary product licenses will be supplied.
The document discusses 7 common mistakes, or "deadly sins", that developers make when building applications that integrate with Azure Active Directory (Azure AD). Each section describes a scenario where a fictional developer named Bob implements a suboptimal solution to a requirement, explains the security flaw in Bob's approach, and provides guidance on how to implement it securely. The document is intended to demonstrate common pitfalls to avoid when using Azure AD for authentication and authorization.
This document discusses attacking Android application components and exploiting insecure communications. It describes how application components like activities, services, and content providers can be vulnerable if not properly secured. Specific vulnerabilities discussed include insecure content providers exposing private data, SQL injection in content provider queries, abusing started services, exploiting insecure bound services, and intent sniffing from unprotected broadcast receivers. Examples are provided of exploiting these vulnerabilities in the Open Sieve Android app.
Request permissions in Android App.pdf
1. Request permissions in Android App
Instructor: Samina
Recommended Book: Android How to Program with an Introduction to Java [2nd Edition] [Paul, Harvey & Abbey Deitel]
2. Agenda
• Permissions in Android
• Types of permissions
• Accessing camera and storage permissions in Android
3. Permissions in Android
• Android apps must request permission to access sensitive user data (such as contacts, SMS or user location) or certain system features (such as the camera and internet access).
4. Request permission in Android
• Starting from Android 6.0 (API 23), users are not asked for permissions at installation time; instead, developers need to request the permissions at run time.
• Only the permissions that are declared in the manifest file can be requested at run time.
5. Types of Permissions
• Install-Time Permissions: On Android 5.1.1 (API 22) or lower, permissions are requested at installation time in the Google Play Store.
• If the user accepts the permissions, the app is installed. Otherwise, the app installation is cancelled.
6. Cont..
• Run-Time Permissions: On Android 6 (API 23) or higher, permissions are requested at run time, while the app is running.
• If the user accepts the permission, that feature of the app can be used. Otherwise, to use the feature, the app requests the permission again.
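The rules from slides 4 to 6 can be checked against a manifest before an app ships or is reviewed. The following is an added example, not part of the original slides: it parses a constructed sample manifest and reports which declared permissions are granted at install time and which need a run-time request for a given device API level. The function names, the sample manifest and the short list of dangerous permissions are assumptions, and the app is assumed to target API 23 or higher.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed subset of permissions with protection level "dangerous" (not exhaustive).
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed sample manifest, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:maxSdkVersion="28" />
</manifest>"""


def declared_permissions(manifest_xml, device_api):
    """Return the permission names whose declaration applies at `device_api`."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        max_sdk = elem.get(ANDROID_NS + "maxSdkVersion")
        if max_sdk is not None and device_api > int(max_sdk):
            continue  # declaration does not apply above maxSdkVersion
        names.append(elem.get(ANDROID_NS + "name"))
    return names


def grant_plan(manifest_xml, device_api):
    """Split declared permissions into install-time grants and run-time requests."""
    plan = {"install_time": [], "run_time": []}
    for name in declared_permissions(manifest_xml, device_api):
        needs_prompt = device_api >= 23 and name in DANGEROUS
        plan["run_time" if needs_prompt else "install_time"].append(name)
    return plan


def can_request_at_runtime(manifest_xml, device_api, permission):
    """A run-time request is only possible for a permission the manifest declares."""
    return permission in grant_plan(manifest_xml, device_api)["run_time"]
```

A dangerous permission that the code requests but the manifest does not declare shows up here as `False`, which is the case to catch in review.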
7. Steps for Requesting permissions at run time
• Declare the permission in the Android manifest file: In Android, permissions are declared in the AndroidManifest.xml file using the uses-permission tag.
• <uses-permission android:name="android.permission.PERMISSION_NAME"/>
<uses-permission android:name="android.permission.CAMERA" />