Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016 - Subho Halder
Mobile App Security is an issue which isn’t given much priority while your app is in the development stage, as a result of which hackers are able to target your iOS app.
This talk will feature the most common security mistakes developers make, and how to fix them easily. It will also cover the different security & privacy enhancements provided by Apple in iOS 10, such as the SecKey API, Differential Privacy and cryptographic libraries, which will enable developers to ship secure applications to the App Store.
Presentation I gave at ISSA DC on June 21, 2011. It introduces the OWASP Mobile Security Project, and covers at a high level: Overview of the Android platform, Mobile Top 10 Risks, Threat Modeling for Android.
Malware on Smartphones and Tablets - The Inconvenient Truth - AGILLY
Many companies, through their IT managers and CIOs, still do not recognize mobile malware as an imminent threat. According to a Duo Security study, one third of Android mobile users do not lock their device screens with a password, and most take no security measures at all. Moreover, IT managers and CIOs roll out new applications to their customers and employees without building in security measures that support authentication and threat mitigation.
However, mobile malware has evolved over the past few years and today constitutes a real threat. Business Insider has noted that these threats are now on a par with PC threats in terms of distribution and level of risk.
An intensive overview of most mobile-security-related issues.
From the Clust Education talk at the Security Summit in Milan (Italy):
https://www.securitysummit.it/eventi/view/82
Kaspersky Internet Security Multi-Device 2015 - Dejan Pogačnik
Kaspersky Internet Security Multi-Device 2015 is an antivirus program for home users and small businesses. It protects your PC/Mac computer and your Android tablet or smartphone.
Don’t be a dummy. Provide enhanced mobile security for your business with Samsung KNOX. Learn how you can bring defense-grade mobile security to your workplace. http://www.samsung.com/us/business/security/knox/
Debunking the Top 5 Myths About Mobile AppSec - NowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
The session will present the risks of insecure mobile application development, with demonstrations across three areas: client side, communication channel and server side. The presentation includes case studies of insecure development practices that let an attacker abuse the vulnerable application (e.g. coin/gem cheating in a gaming app, bypassing security controls on the client side and server side).
Deepfake anyone, the AI synthetic media industry enters a dangerous phase - aditi agarwal
The innovation, barely four years old, may be at a critical point, according to Reuters interviews with organizations, specialists, policymakers and campaigners.
Complete enterprise-grade endpoint security solutions from K7. Please feel free to contact us for further details.
Email us at : info@primeinfoserv.com
Web : www.primeinfoserv.com
Phone : +91 33 6526-0279 / 4008-5677
How Android and iOS Security Enhancements Complicate Threat Detection - NowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Building a Mobile App Pen Testing Blueprint - NowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+ Tips and tricks for targeting common issues
+ The best tools for the job
+ How to document findings to close the loop on vulnerabilities.
The Seven Most Dangerous New Attack Techniques, and What's Coming Next - Priyanka Aash
Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
(Source: RSA USA 2016-San Francisco)
Smart Bombs: Mobile Vulnerability and Exploitation - Tom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will give the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong, and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three platforms: iOS, Android and BlackBerry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real-world examples of the problems applications face.
Security Vulnerabilities in Modern Operating Systems - Cisco Canada
The Common Vulnerabilities and Exposures (CVE) database holds over 25 years of vulnerability data. In this deck we dig through that database and use it to map out trends and general information on software vulnerabilities over the last quarter century. For more information please visit our website: http://www.cisco.com/web/CA/index.html
How Aetna Mitigated 701 Malware Infections on Mobile Devices - Skycure
View webinar recording - http://hubs.ly/H06134H0
Learn how Aetna protects its corporate data from mobile threats while providing a better user experience and complying with strict industry regulations.
Learn how to build cross-platform mobile applications using technologies like HTML5, PhoneGap, Appcelerator Titanium, Adobe Flash Builder and Applause.
Here is a video recording of this presentation: http://www.infoq.com/presentations/Cross-Platform-Mobile
Unicom Conference - Mobile Application Security - Subho Halder
Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this talk is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will cover everything from the basic OWASP Top 10 security issues to live demos of different use-case scenarios showing how a hacker can attack your application, and how to prevent it.
Hyena has built-in security, user authentication, and automated upgrades, among other features. This is probably all you need to create a secure mobile app from scratch. The Hyena app includes security cover for DIY apps, enterprise apps, business apps, in-house employee apps, and more.
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com - Idexcel Technologies
Application development has come a long way in the last two decades, but it is puzzling to see that, despite major security breaches, security testing takes a back seat compared to other forms of quality testing such as usability or functional testing.
The OWASP Mobile Top 10 is a nice start for any developer or security professional, but the road is still long and there is so much to do to close most of the possible doors that hackers can use to find an app's vulnerabilities. We look forward to OWASP continuing their work, but let's not stay on the sidelines!
Security First: Safeguarding Your iOS App Against Cyber Threats (PDF) - BitCot
In today’s interconnected digital landscape, ensuring the security of your iOS app is paramount. With the increasing frequency and sophistication of cyber threats, safeguarding user data and protecting against potential vulnerabilities have become critical considerations for app developers. This article explores key strategies and best practices to fortify your iOS app against cyber threats.
Given this, it's imperative for companies to think about mobile app security for both themselves and their customers. To do this, you must collaborate with the best mobile app development company in Bangalore that is familiar with cybersecurity.
Appaloosa & AppDome: deploy & protect mobile applications - Julien Ott
Appaloosa & AppDome partner to deliver Mobile Application Management + Mobile Application Protection & Enhancement.
Key takeaways for both solutions:
- Deploy mobile apps privately to employees & partners
- Add Appaloosa's SDK in minutes with no code change
- Protect your apps from additional threats
Learn more from https://www.appaloosa-store.com/mobile_app_protection
Top Practices You Need To Develop Secure Mobile Apps - Techugo
Developers often store sensitive data in the device's local storage. However, it is best not to store sensitive data on the device at all, as doing so increases security risks. If you have no other choice, keep the data in encrypted containers or the keychain. You can also reduce what is logged by using an auto-delete option, which removes data automatically after a set time.
With the growing risk of malicious activity, mobile app security has become a top concern for developers. Users are less likely to trust unreliable apps. The above best practices will answer your concerns about creating a secure mobile application by the top mobile app development company in South Africa for your customers.
Booz Allen Hamilton focuses on defining the vulnerabilities further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
Hi :) Aeturnist #2 is out. My article on "Mobile Security" is published in this issue :) This article covers a brief history of mobile security, vulnerability analysis, why malware attacks, why Android, how to protect your device, and the importance of mobile data security. Hope you guys enjoy reading… :)
How to Improve Your Mobile App Security Knowledge - Jai Mehta
The increasing use of smartphones across the world has created demand for high-end functionality, uncompromising handiness and extra ease with less effort from users, which has boosted demand for more innovative mobile apps.
Mobile apps are the primary cause behind this rise in mobile productivity. These virtual technologies connect servers and APIs all over the world to provide users with services, data, convenience, and value. For more information, visit our website:
https://www.cerebruminfotech.com/
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks, as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. About Me
Co-Founder and CTO at Appknox, a mobile security company that helps developers and companies build secure mobile applications. I have presented many talks and conducted workshops at conferences like BlackHat, Defcon, ToorCon, SysCan, ClubHack, NullCon, OWASP AppSec and RSA Conference.
Subho Halder / Co-Founder & CTO
Securing Mobile Apps
Mobile Security Talk
- Introduction
- Why Mobile Security is Important?
- History of Mobile Hacks
- Hackers vs Developers
- Securing your Mobile Application
- Top 10 Mobile Security Risks
- Top 3 Mobile App Hacks in India!
- Interactive Myths of Security
- Android vs iOS
- Questions? Contact Me :)
3. Securing Mobile Applications - Subho Halder (Appfest)
Introduction
The Great Mobile Security Debate
01 Fragmented Applications: Multiple applications for multiple platforms and multiple architectures make it difficult for app developers to keep up with security concerns.
02 Fragmented Platforms: With multiple platforms and multiple versions of the mobile operating system, the OEM faces challenges keeping security up to date.
03 Personal & Social Information: Mobile devices hold your personal and social information, and applications have access to this information.
04 Businesses & Enterprise Data: With mobile being adopted at workplaces, sensitive information is now accessible to applications.
4. Why Mobile Security Is Important? While these devices offer us increased internet connectivity and day-to-day convenience, they also carry considerable security risks.
5. Why Mobile Security Is Important?
More data can mean more danger on mobile devices.
- Data Breaches: With more data accessible to applications, security becomes more paramount.
- Mobile Malware: Gone are the days of computer-only malware; mobile malware is now growing more sophisticated, with access to more data.
- Businesses worry about smartphone risks: While the threat is universal, being protected doesn’t have to be difficult. If anything, it is becoming increasingly important.
- Cyberattacks on mobiles increasing: Cyberattacks on mobile devices, especially smartphones, have become all too common, and over the last year alone we’ve seen cybercriminals deploy all sorts of effective strategies.
- Privacy Leakages: Privacy has also been called into question, as so many of these mobile apps collect huge quantities of data and store them.
6. Hackers vs Developers
Fighting the good fight
Developers:
- Developers are the ones who create a system and want the system to run as expected.
- Developers almost never think like an attacker who wants to exploit the app or its data.
- Developers are busy creating new features and functionality, often neglecting security.
Hackers:
- Hackers are the ones who don’t play by your rules.
- Hackers need only one opening, one weakness.
- Hackers almost always win :)
- They don’t care about functionality, but are looking for that one bug.
HACKERS ARE NECESSARY AND NOT EVIL :)
Hackers and developers represent a duality.
7. Securing Your Mobile Apps: The goal of this talk is to raise awareness about application security by identifying some of the most critical risks facing organizations.
8. Top 10 Mobile Security List (items 1-5)
Poor Authorization and Authentication: Poor or missing authentication schemes allow an adversary to anonymously execute functionality within the mobile app or the backend server used by the mobile app.
Unintended Data Leakage: Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.
Insufficient Transport Layer Protection: Mobile applications frequently do not protect network traffic; if the application is coded poorly, threat agents can use techniques to view this sensitive data.
Insecure Data Storage: Many developers assume that storing data on the client side will restrict other users from having access to this data.
Weak Server Side Controls: Most security experts might argue that server-side security falls outside the area of mobile application security threats. Until last year, it was the second most important mobile security threat.
[Chart: the slide shows a percentage per item (80%, 43%, 64%, 72%, 19%); which value belongs to which item is not recoverable from the extraction.]
Source: https://blog.appknox.com/category/owasp-top-10-mobile/
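The two items above that concern the backend (Poor Authorization and Authentication, Weak Server Side Controls) come down to one habit: the server must establish who is calling from something it issued itself, not from fields the app sends in the request. The following is an added example, not code from the deck or from Appknox, written in Python as a stand-in for whatever language the backend uses. The user store, session table, the `X-Session` header name, the 15-minute token lifetime and the request shapes are all constructed for the demonstration. The same pattern answers the "Security Decisions Via Untrusted Inputs" item on the next slide: the caller's role is looked up server-side and never read from the request.

```python
"""Added example (not from the deck): server-side authorization for a mobile
backend. Users, tokens and request shapes are constructed for the demo."""
import secrets
import time

# Constructed user store: user id -> role (roles live only on the server)
USERS = {"u1": "user", "u2": "user", "root": "admin"}
# Active sessions: token -> (user id, expiry as a Unix timestamp)
SESSIONS = {}
SESSION_TTL = 900  # seconds a token stays valid (assumed value)


def create_session(user_id, now=None):
    """Issue a random, unguessable token bound to an authenticated user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[token] = (user_id, now + SESSION_TTL)
    return token


def resolve_session(token, now=None):
    """Map a token back to its user, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    user_id, expires = entry
    if now >= expires:
        SESSIONS.pop(token, None)  # expired tokens are dropped, never honoured
        return None
    return user_id


def delete_account_weak(request):
    """Weak server-side control: the account to delete is whatever user id the
    client put in the body. No identity is established, so any caller can name
    any account; the app's own UI is the only thing preventing it.
    Both handlers return the authorization decision rather than mutating USERS."""
    target = request["body"].get("user_id")
    if target not in USERS:
        return ("not_found", target)
    return ("deleted", target)


def delete_account_strong(request, now=None):
    """Hardened handler: identity comes from the session token, not the body,
    and the caller may only delete their own account unless their stored role
    (never a client-supplied flag) is admin."""
    token = request.get("headers", {}).get("X-Session", "")
    caller = resolve_session(token, now)
    if caller is None:
        return ("unauthenticated", None)
    target = request["body"].get("user_id", caller)
    if target != caller and USERS.get(caller) != "admin":
        return ("forbidden", target)
    if target not in USERS:
        return ("not_found", target)
    return ("deleted", target)
```

Note the order of checks in the hardened handler: authentication first, then authorization against the server-side role, and only then the lookup of the target. Reversing the last two would let an unprivileged caller probe which account ids exist.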
9. Top 10 Mobile Security List (items 6-10)
Client Side Injection: Client-side injection results in the execution of malicious code on the client side, which is the mobile device, via the mobile app.
Improper Session Handling: As the name suggests, this issue arises because session tokens are not handled in the best way.
Broken Cryptography: Broken cryptography, or insecure usage of cryptography, is common in mobile apps that leverage encryption.
Security Decisions Via Untrusted Inputs: Developers generally use hidden fields and values, or any hidden functionality, to distinguish higher-level users from lower-level users.
Lack of Binary Protections: A lack of binary protections within a mobile app exposes the application and its owner to a large variety of technical and business risks if the underlying application is insecure or exposes sensitive intellectual property.
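The "Broken Cryptography" item above most often surfaces in credential storage: a fast, unsalted hash of a password, on the device or on the server. The following added example (not from the deck or from Appknox; Python is used as a stand-in for the app's or server's own language) contrasts that with a salted, iterated key derivation and a constant-time check. The record format, the iteration count and the sample passwords are constructed for the demonstration.

```python
"""Added example (not from the deck): the 'broken cryptography' item as it
shows up in credential storage. A fast unsalted hash is contrasted with a
salted, iterated KDF. Record format and parameters are constructed."""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 200_000  # assumed work factor; tune to the server's budget


def weak_hash(password):
    """Broken: unsalted, fast MD5. Equal passwords give equal digests, so one
    precomputed table covers every user who chose the same password, and the
    speed lets an attacker test huge numbers of guesses offline."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password, iterations=KDF_ITERATIONS):
    """Store a password as 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    A fresh 16-byte salt per user defeats shared precomputation; the
    iteration count makes each guess expensive. Parameters travel with the
    record so they can be raised later without breaking old entries."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])


def verify_record(password, record):
    """Recompute from the stored parameters and compare in constant time, so
    the check does not leak how many leading bytes matched."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: reject rather than guess
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), hash_hex)
```

Two records for the same password never match each other, which is exactly the property the unsalted hash lacks; verification still succeeds because the salt and iteration count are read back from the record itself.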
10. Can you name the three which you have heard of?
Top 3 Mobile App Hacks in India
11. Top 3 Businesses with Mobile App Hacks
Always be proactive towards security.
OLA Cabs
10 million user details were stolen from gaana.com
Zomato hacked, with 62.5 million users' data at risk
12. 4 Myths About Mobile Security
"Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year." - Gartner
Myth 1: Public app stores are safe because they have security filters.
Myth 2: Data encryption is not required for mobile devices.
Myth 3: PCs are more secure than mobile phones.
Myth 4: Two-factor authentication can be neglected for mobile security.
14. Android vs iOS
With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern and focus for smartphone users.
[Chart: two bar charts, one per platform, comparing Vulnerable Apps, Malware, Device Vulnerabilities and Fragmentation; the bar values are not recoverable from the extraction.]
The iOS Device: Despite iOS being traditionally regarded as the safest platform, there are a number of reasons why that assumption may be becoming outdated. Firstly, occurrences of ransomware, malware, rotten apps on the iTunes store, and social engineering have been coming into the news far more often in recent times.
The Android Device: Google's Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android's popularity: with more than 1 million activations per day, Android smartphones command a 59% market share worldwide.
15. Devknox
A Developer Friendly Tool To Build Hackproof Apps
On-edit annotations: Get your code checked for security flaws as you write it.
Quick fixes: Devknox understands the context of your code and suggests one-click fixes.
Always up to date: Devknox takes care of security requirements and keeps them up to date with global security standards.
Multiple IDE support: Devknox is supported on JetBrains IDEs (private beta) and Android Studio (private beta).