Breached! App Attacks, Application Protection and Incident Response (Resilient Systems)
The document provides an agenda for a presentation on application security and incident response best practices. It introduces Ted Julian from Co3 Systems and Chris Wysopal from Veracode as the speakers. It summarizes Co3's automated breach management platform and Veracode's application security testing platform. The presentation covers application vulnerabilities, real-world breaches from vulnerabilities like SQL injection, and techniques for testing application security. It also outlines best practices for preparing for, reporting on, assessing, and managing application security incidents.
This document discusses mobile devices and control issues. It covers the evolution of mobile devices from smartphones to tablets. It also discusses both the benefits of mobile technology, such as competitive advantage and attracting talent, and the risks, like insecure browsing and lost or stolen devices. The document then outlines ways to address these risks, such as mobile device management policies and security applications. Finally, it examines the impact on the accounting profession through updated audit procedures and reliance on internal controls frameworks to assess mobile computing security.
The overall theme is that with IBM Cloud Security Enforcer, IBM is offering the industry's first solution to combine cloud discovery, access, and threat prevention.
Verivo Akula 2.0 - Development, Security and Governance of Enterprise Mobile... (VerivoSoftware)
Overview of Verivo’s Akula 2.0 open, standards-based enterprise mobile application platform. If you are responsible for your organization’s mobile app architecture, development or day-to-day management, this is a must-see presentation! Learn how to take enterprise mobile app development, security and governance to the next level.
The Future of Mobile Application Security (SecureAuth)
The rapid adoption of mobile technology in recent years has created an opportunity for enterprises to increase the productivity and flexibility of their organizations. This demand for greater mobility has forced enterprises to deliver sensitive applications and data across a wide array of devices and networks.
SecureAuth and Sencha have created an integrated approach to application, data, and user mobility that elegantly addresses these challenges.
- Secure enterprise application deployment
- End-to-end data security with strong encryption
- Managed application container that works on any device
- Developer SDK for creating rich application user experiences
Most organizations recognize the benefits of single sign-on (SSO): Users love it because they have only one password to remember; security teams love it because they can require that one password to be strong; and management loves it because it boosts productivity while reducing password reset calls.
But how secure is your SSO? A great user experience sometimes means sacrificing security. And even the strongest passwords won’t protect you from the misuse of stolen credentials.
Discuss the shortcomings of traditional SSO and how an adaptive approach can strengthen security while still delivering an amazing user experience.
Malware on Smartphones and Tablets: The Inconvenient Truth (IBM Security)
View on-demand webinar: http://ibm.co/21C0aKO
Recent research shows that mobile has become the hackers’ new playground. However, most users and IT professionals do not think this is a real and substantial threat.
In this on-demand session, we will outline the broad scope of risk that mobile malware poses today on iOS and Android, and explain the potential business threats. The enterprise is at a critical juncture where advanced cyber-attacks targeting mobile users are now threatening both corporate and personal information.
Listen in to IBM Security product specialist Shaked Vax to learn how to reduce the risk of data leakage and protect against malicious activity with a comprehensive approach that combines enterprise mobility management (EMM) and mobile threat management.
What is Secure Mobility? Remote working, or working outside of the workplace with any device from anywhere at any time, while ensuring high security and credential assurance through active security policy enforcement and improving ease of use and management. This presentation from GGR Communications goes into more detail on Secure Mobility.
Webinar: Beyond Two-Factor: Secure Access Control for Office 365 (SecureAuth)
1. The document discusses the misuse of stolen credentials and the need to go beyond standard two-factor authentication.
2. It provides examples of how two-factor authentication can fail, such as through SMS interception, social engineering of knowledge-based authentication questions, and users wrongly accepting authentication requests.
3. The document promotes an adaptive authentication approach using multiple layers of risk analysis and a wide range of authentication methods to strengthen security with minimal user impact.
Managing access is the issue: too many locks, password sprawl wastes time for IT and users, and user productivity leads to IT inefficiency. Allow IT to provide security, simplicity and control with Samsung SDS IAM & EMM.
Minimize data breaches and reduce the risks of regulatory non-compliance in addition to protecting patients, hospitals and insurance networks from fraud with Samsung SDS Identity and Access Management.
The cyber house of horrors - securing the expanding attack surface (Jason Bloomberg)
The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically.
The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore.
Join Certes Networks and Intellyx for a webinar to explore:
What factors are driving the expansion of the attack surface?
What types of attacks and exploits are taking advantage of these changes?
How are segmentation techniques and access controls evolving in response?
5 things you didn't know you could do with security policy management (AlgoSec)
This document discusses how a security policy management solution can automate various tasks. It describes how such a solution can:
1. Automate end-to-end change management across public and private clouds through zero-touch workflows.
2. Link vulnerability assessments to specific business applications to prioritize remediation based on business impact.
3. Integrate with SIEM systems to provide business context during cyber incidents, such as identifying impacted applications and automating isolation of exposed servers.
4. Automate firewall migrations through a three-step process of exporting policies, opening change requests, and implementing changes.
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo... (IBM Security)
81% of companies have employee-owned devices accessing their networks, but only 48% claim to have a well-defined mobile security strategy. To secure today's mobile workforce, businesses must consider adopting a framework that enables the use of mobile technology while minimizing the risks to both their employees and their customers. In this presentation, we review the unique challenges we all face and IBM's approach to securing and managing the mobile enterprise.
http://securityintelligence.com/events/live-from-impact-2014-ibm-mobile-security-a-comprehensive-approach-to-securing-and-managing-the-mobile-enterprise/#.VMvT2vMo6Mo
A business driven approach to security policy management a technical perspec... (AlgoSec)
In this era of digital transformation, globalization, and relentless cyber-attacks, security can no longer remain a technology issue that simply focuses on defending networks and data. It must become a strategic business driver that transforms the next-generation datacenter to both protect and power the agile enterprise. Security teams are therefore now looking to implement intelligent automation that injects business context into their security management.
Join Joe DiPietro, SE Director at AlgoSec, for a technical webinar in which he will discuss a business-driven approach to security policy management – from automatically discovering application connectivity requirements, through ongoing change management and proactive risk analysis, to secure decommissioning – that will help make your organization more agile, more secure and more compliant.
During the webinar, Joe will explain how to:
• Get holistic visibility of security risk and compliance across the enterprise network
• Reduce risk and avoid application outages
• Tie cyber threats to business processes
• Enhance and automate business processes with business context, including impact analysis and risk approval
• Accelerate and ensure secure business transformation to the cloud
Hundreds of millions of people use smartphones for everyday tasks. As more people use their phones for both personal and business purposes, the number of uncontrolled smartphones is growing.
This document describes IBM's Cloud Security Enforcer, a new SaaS solution that integrates identity and access control, threat prevention, policy enforcement, and discovery/visibility capabilities into a single platform. It consolidates leading IBM security technologies to help organizations securely adopt cloud services. Key features include risk scoring for thousands of apps, continuous monitoring of cloud activity, mapping network data to users, mobile integration, single sign-on, connectors to popular apps, access controls, activity monitoring, behavioral analysis, alerting/reporting, intrusion prevention, and threat protection from IBM X-Force. The solution aims to help customers securely deploy cloud services for their employees.
Don't Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar (IBM Security)
View on-demand: https://securityintelligence.com/events/dont-drown-in-a-sea-of-cyberthreats/
Security teams can be overwhelmed by a sea of vulnerabilities, without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputational damage to an organization. You need a security system that can detect an attack, prioritize risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints and data.
Join this webinar and learn how IBM BigFix seamlessly integrates with IBM QRadar to provide accelerated risk prioritization and incident response to mitigate potential attacks, giving you an integrated threat protection system to keep your corporate and customer data secure.
2019 02-20 micro-segmentation based network security strategies (Yoni Geva) (AlgoSec)
As cyber threats become more sophisticated, companies of all sizes are struggling to stay secure. Regardless of how many different firewalls you use, it's merely a matter of time until a threat gets through. To prevent serious breaches, networks must be internally segmented to stop hackers moving freely inside the network and exfiltrating data – but network segmentation must be designed and managed correctly if it's to be successful. This webinar will examine how to build a micro-segmentation strategy that truly protects your organization's valuables.
In this webinar, Yoni Geva, Product Manager at AlgoSec, will cover:
• Segmentation challenges
• Micro-segmentation explained
• Micro-segmentation strategy benefits
• Micro-segmentation strategy development – first steps
• Implementation Do’s and Don’ts
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment (IBM Security)
View on-demand: http://event.on24.com/wcc/r/1125108/92F1EBE9F405FFB683B79FD046CAC8B7
Forrester Research recently conducted a Total Economic Impact (TEI) study, commissioned by IBM, to examine the potential return on investment (ROI) that organizations may achieve by deploying IBM Security Network Protection (XGS), a next-generation intrusion prevention system (IPS). The study determined that by implementing IBM Security Network Protection (XGS), organizations realize an increase in network performance and availability, while also enjoying reduced costs and security risks.
Join us at this complimentary webinar to hear directly from our guest, Forrester TEI consultant Ben Harris, about the results of the IBM Security Network Protection (XGS) study.
Get ready for a deep dive into the management of mobile applications, mobile content and collaboration tools to improve employee responsiveness wherever they are. Our experts will show you how to provision, protect and continuously manage enterprise data on iOS, Android and Windows devices with IBM MobileFirst Protect.
Enterprise Mobility: winning strategies to get your organization ready for th... (Luca Rossetti)
CA Technologies Launches Industry First Mobility Management Cloud to Accelerate App Development, Manage Devices, Apps, Contents and Email.
Management Cloud for Mobility is a first-in-class, modular, comprehensive portfolio that accelerates high-performance, trusted mobile application delivery, increasing employee productivity and customer engagement while lowering management costs.
Today's announcement highlights the Company's new and enhanced cloud-based mobility solutions enabling Enterprise Mobility Management (EMM) and Mobile DevOps, both part of the Management Cloud for Mobility. The mobility portfolio announced today delivers on CA Technologies' vision for liberating the mobile workforce of today (expected to reach 1.3 billion by 2015) and managing and securing the ubiquitously connected tomorrow.
A strong cloud security strategy that allows you to discover, manage and secure employee use of cloud applications is critical. This infographic shows what you can do to make cloud applications safer for everyone. To learn more, visit http://ibm.co/1L3dntu.
Put out audit security fires, pass audits - every time (AlgoSec)
Compliance with network and data security regulations and internal standards is vital and mission-critical. But with increasing global regulations and network complexities, it’s harder than ever to keep up.
Firewall management and network security policies are critical components in achieving compliance. Firewall audits are complex and demanding, and documentation of current rules is often lacking. There is no time and there are no resources to find, organize, and inspect all your firewall rules. Instead of being proactive and preventative, network security teams are constantly putting out fires.
In this webinar, you will learn:
• The golden rules for passing a network security audit
• Best practices to maintain continuous compliance
• How to conduct a risk assessment and fix issues
Learn how to prevent fires and pass network security audits every time.
Tal Dayan, AlgoSec’s product manager, will reveal the Firewall Audit Checklist, the six best practices to ensure successful audits.
By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies.
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite (IBM Security)
View on-demand webinar:
http://event.on24.com/wcc/r/1155218/416359D28E2D43ACB417A8C7C097B3B8
Introducing the Next-Generation Fraud Protection Suite
The financial services industry continues to be plagued by advanced fraud attacks. Sometimes the attacks are successful, resulting in tremendous fraud losses. Virtually always, financial institutions invest significant time and resources to address this continued cyberfraud risk. The fraud protection solutions cobbled together over the past decade suffer from several shortcomings:
Accuracy – statistical risk models generate high false positive alerts, often missing actual fraud
Adaptability – inflexible solutions cannot (or are slow to) react to new threats and new attack methods
Affordability – disparate systems do not leverage pricing incentives and system updates/modifications can be very expensive
Approval – customers are needlessly disrupted by inaccurate risk assessments and the online channel is sub-optimized due to risk concerns
View this on-demand webinar to learn more about how IBM has taken a fundamentally different approach to fraud protection and management. The IBM Security Trusteer Fraud Protection Suite provides:
Evidence-based fraud detection – reduce false positives and missed fraud, leading to better customer experience
Threat-aware authentication – based on actual risk for rapid enforcement
Advanced case management and reporting capabilities – streamline investigations and threat analysis
A powerful remediation tool – quickly remove existing financial malware from infected endpoints
Uncover What's Inside the Mind of a Hacker (IBM Security)
View On-demand Webinar: https://securityintelligence.com/events/uncover-whats-inside-mind-hacker/
A simple software vulnerability can make the bad guys very wealthy. A bustling new market for software vulnerabilities is emerging. An operating system vulnerability can be worth as much as $1 million on the black market.
Ethical hacker Paul Ionescu aims to put a dent in the bad guys' pockets by helping developers to "put their hacker hats on" and prevent software vulnerabilities.
During this presentation, Paul:
- Demos common software programming flaws
- Discusses notable security breaches that were caused by vulnerabilities such as SQL Injection
- Examines ways to implement software defenses that prevent security flaws from re-emerging
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU... (Ioannis Stais)
Web Application Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task. Finding attacks that bypass the firewall usually requires expert domain knowledge for a specific vulnerability class. Thus, penetration testers not armed with this knowledge are left with publicly available lists of attack strings, like the XSS Cheat Sheet, which are usually insufficient for thoroughly evaluating the security of a WAF product.
In this presentation we introduce a novel, efficient approach for bypassing WAFs using automata learning algorithms. We show that automata learning algorithms can be used to obtain useful models of WAFs. Given such a model, we show how to construct, either manually or automatically, a grammar describing the set of possible attacks, which are then tested against the obtained model of the firewall. Moreover, if our system fails to find an attack, a regular expression model of the firewall is generated for further analysis. Using this technique we found over 10 previously unknown vulnerabilities in popular WAFs such as Mod-Security, PHPIDS and Expose, allowing us to mount SQL Injection and XSS attacks that bypass the firewalls. Finally, we present LightBulb, an open source Python framework for auditing web application firewalls using the techniques described above. In the release we include the set of grammars used to find the vulnerabilities presented.
Gone in 60 minutes – Practical Approach to Hacking an Enterprise with Yasuo (saurabhharit)
The document describes Yasuo, a tool written in Ruby that scans a network to identify vulnerable applications. It does this by checking for over 100 known vulnerable applications and exploits them if possible using Metasploit. The document discusses the need for such a tool, how Yasuo works behind the scenes, recent updates, a demo of Yasuo, challenges, and future plans for the tool. It ends by thanking the audience and requesting help improving Yasuo by submitting more application signatures.
Webinar: Beyond Two-Factor: Secure Access Control for Office 365SecureAuth
1. The document discusses the misuse of stolen credentials and the need to go beyond standard two-factor authentication.
2. It provides examples of how two-factor authentication can fail, such as through SMS interception, social engineering of knowledge-based authentication questions, and users wrongly accepting authentication requests.
3. The document promotes an adaptive authentication approach using multiple layers of risk analysis and a wide range of authentication methods to strengthen security with minimal user impact.
Managing access is the issue: too many locks, password sprawl wastes time for IT and users, and user productivity leads to IT inefficiency. Allow IT to provide security, simplicity and control with Samsung SDS IAM & EMM.
Minimize data breaches and reduce the risks of regulatory non-compliance in addition to protecting patients, hospitals and insurance networks from fraud with Samsung SDS Identity and Access Management.
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically.
The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore.
Join Certes Networks and Intellyx for a webinar to explore:
What factors are driving the expansion of the attack surface?
What types of attacks and exploits are taking advantage of these changes?
How are segmentation techniques and access controls evolving in response?
5 things you didnt know you could do with security policy managementAlgoSec
This document discusses how a security policy management solution can automate various tasks. It describes how such a solution can:
1. Automate end-to-end change management across public and private clouds through zero-touch workflows.
2. Link vulnerability assessments to specific business applications to prioritize remediation based on business impact.
3. Integrate with SIEM systems to provide business context during cyber incidents, such as identifying impacted applications and automating isolation of exposed servers.
4. Automate firewall migrations through a three step process of exporting policies, opening change requests, and implementing changes.
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Security
81% of companies have employee owned devices accessing their networks, but only 48% claim to have a well-defined mobile security strategy. To secure today’s mobile workforce businesses must consider adopting a framework to enable the use of mobile technology while minimizing the risks to both their employees and their customers. In this presentation, we review the unique challenges we all face and IBM’s approach to securing and managing the mobile enterprise.
http://securityintelligence.com/events/live-from-impact-2014-ibm-mobile-security-a-comprehensive-approach-to-securing-and-managing-the-mobile-enterprise/#.VMvT2vMo6Mo
A business driven approach to security policy management a technical perspec...AlgoSec
In this era of digital transformation, globalization, and relentless cyber-attacks, security can no longer remain a technology issue that simply focuses on defending networks and data. It must become a strategic, business driver that transforms the next generation datacenter to both protect and power the agile enterprise. Security teams are therefore now looking to implement intelligent automation that injects business context into their security management.
Join Joe DiPietro, SE Director at AlgoSec for a technical webinar, where he will discuss a business-driven approach to security policy management – from automatically discovering application connectivity requirements, through ongoing change management and proactive risk analysis, to secure decommissioning – that will help make your organizations more agile, more secure and more compliant.
During the webinar, Joe will explain how to:
• Get holistic visibly of security risk and compliance across the enterprise network
• How to reduce risk and avoid application outages
• Tie cyber threats to business processes
• Enhance and automate business processes with business context, including impact analysis and risk approval
• Accelerate and ensure secure business transformation to the cloud
Hundreds of millions of people use smartphones for everyday tasks. As more people use their phones for personal and business purposes, the number of uncontrolled smart phones is growing.
This document describes IBM's Cloud Security Enforcer, a new SaaS solution that integrates identity and access control, threat prevention, policy enforcement, and discovery/visibility capabilities into a single platform. It consolidates leading IBM security technologies to help organizations securely adopt cloud services. Key features include risk scoring for thousands of apps, continuous monitoring of cloud activity, mapping network data to users, mobile integration, single sign-on, connectors to popular apps, access controls, activity monitoring, behavioral analysis, alerting/reporting, intrusion prevention, and threat protection from IBM X-Force. The solution aims to help customers securely deploy cloud services for their employees.
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
view on demand: https://securityintelligence.com/events/dont-drown-in-a-sea-of-cyberthreats/
Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputational damages to an organization. You need a security system that can detect an attack, prioritize risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints and data.
Join this webinar and learn how IBM BigFix seamlessly integrates with IBM QRadar to provide accelerated risk prioritization and incident response to mitigate potential attacks giving you an integrated threat protection system to keep your corporate and customer data secure.
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
As cyber threats become more sophisticated, companies of all sizes are struggling to stay secure. Regardless of how many different firewalls you use, it’s merely a matter of time until a threat gets through. To prevent serious breaches, networks must be internally segmented to stop hackers moving freely inside the network and exfiltrating data – but network segmentation must be designed and managed correctly if it’s to be successful. This webinar will examine how to build a micro-segmentation strategy that truly protect your organization’s valuables.
In this webinar, Yoni Geva, Product Manager at AlgoSec will cover:
• Segmentation challenges
• Micro-segmentation explained
• Micro-segmentation strategy benefits
• Micro-segmentation strategy development – first steps
• Implementation Do’s and Don’ts
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment - IBM Security
View on-demand: http://event.on24.com/wcc/r/1125108/92F1EBE9F405FFB683B79FD046CAC8B7
Forrester Research recently conducted a Total Economic Impact (TEI) study, commissioned by IBM, to examine the potential return on investment (ROI) that organizations may achieve by deploying IBM Security Network Protection (XGS), a next-generation intrusion prevention system (IPS). The study determined that by implementing IBM Security Network Protection (XGS), organizations realize an increase in network performance and availability, while also enjoying reduced costs and security risks.
Join us at this complimentary webinar to hear directly from our guest, Forrester TEI consultant Ben Harris, about the results of the IBM Security Network Protection (XGS) study.
Prepare for a deep dive into the management of mobile applications, mobile content and collaboration tools to improve employee responsiveness wherever they are. Our experts will show you how to provision, protect and continuously manage enterprise data on iOS, Android and Windows devices with IBM MobileFirst Protect.
Enterprise Mobility: winning strategies to get your organization ready for th... - Luca Rossetti
CA Technologies Launches Industry First Mobility Management Cloud to Accelerate App Development, Manage Devices, Apps, Contents and Email.
Management Cloud for Mobility is a first in class, modular, comprehensive portfolio that accelerates high-performance, trusted mobile application delivery that increases employee productivity and customer engagement, while lowering management costs.
Today’s announcement highlights the Company’s new and enhanced cloud-based mobility solutions enabling Enterprise Mobility Management (EMM) and Mobile DevOps, both part of the Management Cloud for Mobility. The mobility portfolio announced today delivers on CA Technologies’ vision for liberating the mobile workforce of today (expected to reach 1.3 billion by 2015) and managing and securing the ubiquitously connected tomorrow.
A strong cloud security strategy that allows you to discover, manage and secure employee use of cloud applications is critical. This infographic shows what you can do to make cloud applications safer for everyone. To learn more, visit http://ibm.co/1L3dntu.
Put out audit security fires, pass audits - every time - AlgoSec
Compliance with network and data security regulations and internal standards is vital and mission-critical. But with increasing global regulations and network complexities, it’s harder than ever to keep up.
Firewall management and network security policies are critical components in achieving compliance. Firewall audits are complex and demanding, and documentation of current rules is lacking. There are no time or resources to find, organize, and inspect all your firewall rules. Instead of being proactive and preventative, network security teams are constantly putting out fires.
In this webinar, you will learn:
• The golden rules for passing a network security audit
• Best practices to maintain continuous compliance
• How to conduct a risk assessment and fix issues
Learn how to prevent fires and pass network security audits every time.
Tal Dayan, AlgoSec’s product manager, will reveal the Firewall Audit Checklist, the six best practices to ensure successful audits.
By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies.
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite - IBM Security
View on-demand webinar:
http://event.on24.com/wcc/r/1155218/416359D28E2D43ACB417A8C7C097B3B8
Introducing the Next-Generation Fraud Protection Suite
The financial services industry continues to be plagued by advanced fraud attacks. Sometimes the attacks are successful, resulting in tremendous fraud losses. Virtually always, financial institutions invest significant time and resources to address this continued cyberfraud risk. The fraud protection solutions cobbled together over the past decade suffer from several shortcomings:
Accuracy – statistical risk models generate high false positive alerts, often missing actual fraud
Adaptability – inflexible solutions cannot (or are slow to) react to new threats and new attack methods
Affordability – disparate systems do not leverage pricing incentives and system updates/modifications can be very expensive
Approval – customers are needlessly disrupted by inaccurate risk assessments and the online channel is sub-optimized due to risk concerns
View this on-demand webinar to learn more about how IBM has taken a fundamentally different approach to fraud protection and management. The IBM Security Trusteer Fraud Protection Suite provides:
Evidence-based fraud detection – reduce false positives and missed fraud, leading to better customer experience
Threat-aware authentication – based on actual risk for rapid enforcement
Advanced case management and reporting capabilities – streamline investigations and threat analysis
A powerful remediation tool – quickly remove existing financial malware from infected endpoints
Uncover What's Inside the Mind of a Hacker - IBM Security
View On-demand Webinar: https://securityintelligence.com/events/uncover-whats-inside-mind-hacker/
A simple software vulnerability can make the bad guys very wealthy. A bustling new market for software vulnerabilities is emerging. An operating system vulnerability can be worth as much as $1 million on the black market.
Ethical Hacker Paul Ionescu aims to put a dent in the bad guys’ pockets by helping developers to “put their hackers’ hats on” and prevent software vulnerabilities.
During this presentation, Paul:
- Demos common software programming flaws
- Discusses notable security breaches that were caused by vulnerabilities such as SQL Injection
- Examines ways to implement software defenses that prevent security flaws from re-emerging
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU... - Ioannis Stais
Web Application Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task. Finding attacks that bypass the firewall usually requires expert domain knowledge for a specific vulnerability class. Thus, penetration testers not armed with this knowledge are left with publicly available lists of attack strings, like the XSS Cheat Sheet, which are usually insufficient for thoroughly evaluating the security of a WAF product.
In this presentation we introduce a novel, efficient, approach for bypassing WAFs using automata learning algorithms. We show that automata learning algorithms can be used to obtain useful models of WAFs. Given such a model, we show how to construct, either manually or automatically, a grammar describing the set of possible attacks which are then tested against the obtained model for the firewall. Moreover, if our system fails to find an attack, a regular expression model of the firewall is generated for further analysis. Using this technique we found over 10 previously unknown vulnerabilities in popular WAFs such as Mod-Security, PHPIDS and Expose allowing us to mount SQL Injection and XSS attacks bypassing the firewalls. Finally, we present LightBulb, an open source python framework for auditing web applications firewalls using the techniques described above. In the release we include the set of grammars used to find the vulnerabilities presented.
Gone in 60 minutes – Practical Approach to Hacking an Enterprise with Yasuo - saurabhharit
The document describes Yasuo, a tool written in Ruby that scans a network to identify vulnerable applications. It does this by checking for over 100 known vulnerable applications and exploits them if possible using Metasploit. The document discusses the need for such a tool, how Yasuo works behind the scenes, recent updates, a demo of Yasuo, challenges, and future plans for the tool. It ends by thanking the audience and requesting help improving Yasuo by submitting more application signatures.
Andrew Ford at Social Star Webinar on how to get more referrals from Linkedin... - Andrew Ford
The document outlines a client referral process for businesses. It discusses the importance of referrals, providing statistics showing that people trust peer recommendations more than other forms of marketing. It then lists 8 steps to an effective referral process: 1) Ask for referrals from satisfied clients, 2) Have a clear pitch, 3) Recognize client needs, 4) Be referred by name, 5) Be easily found online, 6) Connect with referrals, 7) Convert referrals to clients, 8) Delight existing clients so they provide referrals. The document emphasizes building an online profile, particularly on LinkedIn, to attract referrals through digital content and connections.
The document outlines a back-to-school marketing campaign for MyEdu to promote its textbook buying tools and resources to college students. Research found that students prioritize price and convenience when buying books and rely on peers for influences. The proposed campaign would increase awareness of MyEdu through on-campus events, advertisements, and partnerships with student groups.
Review tables of the Greek declensions - Rafael Ayuso
This document presents the declensions of nouns and adjectives in Ancient Greek. It describes the endings and cases of nouns of the 1st, 2nd and 3rd declensions, masculine, feminine and neuter. It also explains the different endings and declensions of Greek adjectives according to their gender and number.
Abdulloh Azzam is a recent graduate of Telkom University with a Bachelor's Degree in Computational Science. He has over 5 months of work experience in network installation, maintenance, and monitoring roles at PT Telkomsel Tbk, PT Telkom Tbk, and PT Diskominfo Depok. His technical skills include languages such as English, Indonesian, and basic Japanese as well as software like MS Office, Matlab, and operating systems. He is looking to further his career in telecommunications.
This document summarizes a research paper that proposes a novel unsupervised approach to identify evaluative sentences in online discussions. The approach extracts aspects and expands evaluation and emotion lexicons in an unsupervised manner. It then models the interactions between aspects, evaluation words, and emotion words to classify a sentence as either evaluative or non-evaluative. The classification is done in two steps - first by calculating an evaluative score for aspects, and then comparing the sums of matched evaluation and emotion words. The approach is empirically evaluated and its parameters are analyzed.
The document describes algorithms for retrieving the 128-bit AES encryption key from cache access patterns. It outlines preliminaries on side channel attacks, AES implementation and operations. It then presents a first round attack and second round attack to retrieve the key from known plaintext/ciphertext blocks and corresponding cache access patterns of table elements during AES encryption/decryption. Evaluation results and limitations/extensions are also discussed.
The document summarizes Pakistan's trade policy and strategic trade policy framework from 2009-2012. The key points are:
1) The trade policy aims to achieve sustainable high economic growth through exports by setting clear trade standards and reducing barriers.
2) The strategic trade policy framework provides guidelines and identifies priority actions like export competitiveness programs and trade support interventions.
3) Some specific measures to support exports include subsidizing transport costs and certification, import duty reductions, and export restrictions easing for certain industries.
4) The objectives are to enhance export competitiveness, reduce business costs, protect SMEs, and promote market access through regional trade agreements.
How Healthcare CISOs Can Secure Mobile Devices - Skycure
Original webinar: http://get.skycure.com/mobile-security-in-healthcare-webinar
In this webinar, Jim Routh, CSO at Aetna, and Adi Sharabani, CEO and co-founder at Skycure, discuss:
- The state of mobile security in Healthcare organizations
- How to improve incident response and resilience of mHealth IT operations
- How to leverage risk-based mobility to predict, detect and protect against threats
Three Secrets to Becoming a Mobile Security Superhero - Skycure
View recorded webinar here - http://hubs.ly/H03W-Ns0
Learn the secrets of one mobile security superhero as he details his journey to defend his organization, the 2nd largest beverage distributor, against mobile threats.
The document provides information about customizing the Connections Mobile app. It discusses options for customization including branding, services, login forms and EULAs. It describes the mobile app architecture and components that can be customized. Specific customization capabilities are then covered in more detail such as customizing the application name, service labels, login forms, and adding additional services. The document also discusses leveraging Connections through social rendering and mobile administration.
On 17 March 2016, the regular OWASP Russia Meetup, a gathering of the information security community, was held at Yandex's Moscow office. The main topic of this meeting was mobile application security. Experts spoke at the meeting about various aspects of this topic and shared examples from real life and personal experience.
Yuri Chemyorkin, an expert researcher at Perspektivny Monitoring, took part in the event with a talk titled "Mobile Application Security and Leaked Data". He described how poorly protected many popular mobile applications are and what needs to be done to raise their level of security.
April 2023 CIAOPS Need to Know Webinar - Robert Crane
This webinar covered Microsoft Defender for Cloud Apps and provided resources for further information. The presentation included a demonstration of Defender for Cloud Apps and its capabilities for monitoring cloud app usage, investigating risks and suspicious activity, and assessing app security. It also announced an upcoming Microsoft 365 update and provided various news links and documentation about Microsoft cloud products and services. Attendees were encouraged to join the CIAOPS patron program for additional training resources.
Enable best-of-breed security testing for enterprise, web and mobile applications
• Facilitate application security testing for your customers at the appropriate stage of their development lifecycle
• Identify security vulnerabilities such as SQL injection and cross-site scripting (XSS)
• Automate correlation of static, dynamic and interactive application security testing results
• Deliver detailed reporting to your customers that summarises security vulnerabilities, assesses potential risk and offers remediation tactics
This document discusses securing mobile devices in the workplace. It identifies challenges such as the rise in mobile threats from malware and risky apps. It also discusses how users adopt personal apps for work and the need to protect sensitive corporate information. The document then summarizes Symantec's mobile security solutions to address these challenges, including mobile device management, application management, and threat protection capabilities like anti-malware.
Today, being connected on-line is a foundational aspect of many businesses. Everything from our computers and cars to phones and refrigerators are connected in the race to digital transformation.
But it comes with a cost. Every device and application in use increases our cyber-attack surface.
These slides--based on the webinar from leading IT research firm Enterprise Management Associates (EMA) and Risk IQ--provide information on:
- How to get an accurate picture of your attack surface
- How threat actors exploit our Internet presence within the context of business and security management tools, issues, and practices
- How you can reduce your risk of an attack
Walls of Steel, Doors of Wood - Relevance of Application Security - Abdul Jaleel
The maturity of securing network and system infrastructures has been the key focus, and application security was mostly overlooked. In the slides I try to give a quick and crisp brief on why application security practices are important and how to embark on application security assurance programs.
On April 2nd, ASI held its first invitation-only CIO Summit — on Data Security in a Mobile World in downtown Washington, DC, exclusively for not-for-profit CIOs. The event brought together the best and brightest minds from the association, non-profit, and business communities to address the current data security threats they're facing, particularly in this increasingly mobile world.
Protecting Mission-Critical Source Code from Application Security Vulnerabili... - IBM Security
View on demand: http://event.on24.com/wcc/r/1071186/DB920F7B3EC241F8D7637CE3303D6585
Session 2 of IBM’s #CoverYourApps with Application Security on Cloud Webinar Series
In this session, you’ll learn how to test application source code for potential security vulnerabilities, so that you can confidently release your organization’s applications. Special emphasis will be placed on how to test code quickly and effectively, in order to keep up with the ever-increasing pace of application release schedules.
Check out the rest of our #CoverYourApps with IBM’s Application Security on Cloud Webinar Series! Register today for all three to get up to speed on the latest from IBM on Application Security on Cloud.
IBM Mobile Foundation is a mobile backend platform that provides tools for mobile app development, security, analytics, and backend services. It allows developers to focus on the mobile app while Mobile Foundation handles services like push notifications, offline data storage, and backend logic. Mobile Foundation can be deployed on-premises or on IBM Bluemix and supports both hybrid and native mobile app development.
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
Make Good Apps great - Using IBM MobileFirst Foundation - Ajay Chebbi
App developers tend to spend a lot of time not working on the user experience of the app. They need a helping hand to manage app security, app lifecycle management, enterprise connectivity etc. IBM Mobile First Foundation provides a platform. Use the Mobile Foundation service on Bluemix cloud.
Cybersecurity for Real Estate & Construction - Aronson LLC
Aronson’s Tech Risk Partner Payal Vadhani and Construction & Real Estate Partner Tim Cummins spoke at the AICPA’s Construction and Real Estate Conference on December 8-9, 2016 at the Wynn in Las Vegas, NV. Their presentation focuses on how construction contractors and real estate organizations can develop a scalable multi-year cybersecurity strategy. In order for a security culture to be present and truly effective, security awareness and engagement is required at every level of your organization. Payal and Tim’s multi-tiered foundational block approach coupled with governance and culture will provide you and your organization with a roadmap for success and a customized cybersecurity program based on the industry, business needs, regulatory requirements, and specific business and cyber risks.
1) The document discusses information risk and protection, describing how managing digital identities has become more complex with the rise of cloud and mobile technologies.
2) It promotes IBM's security solutions for managing information risk across identity, cloud, fraud, applications, data and mobile domains.
3) These solutions aim to govern users and enforce access controls, protect sensitive data, build and deploy secure applications, protect against fraud, secure mobile devices and applications, and enforce cloud security policies.
Mobile Payments: Protecting Apps and Data from Emerging Risks - IBM Security
This document summarizes a presentation about protecting mobile payments applications and data from security risks. It discusses the growing mobile payments landscape and threats from criminals attacking mobile apps. It then outlines techniques used by criminals to easily attack mobile banking apps, particularly focusing on reverse engineering apps to steal crypto keys and sensitive data. The presentation concludes by describing comprehensive protection techniques including application hardening, obfuscation, tamper detection, and cryptographic key protection like white-box cryptography.
Essentials of Web Application Security: what it is, why it matters and how to... - Cenzic
Join Cenzic’s Chris Harget for an overview of the essentials of Web Application Security, including the risks, practices and tools that improve security at every stage of the application lifecycle.
- Organizations are undergoing digital transformation due to its huge impact, and mobility-lagging organizations will suffer negative consequences like lower productivity and employee resignations.
- Enterprise mobility presents new demands for mobile applications that require faster development and integration compared to traditional enterprise applications. However, an estimated 66% of mobile projects fail due to challenges inhibiting success.
- IBM's MobileFirst Foundation provides comprehensive mobile middleware that can be deployed on-premises or on the cloud to help organizations develop mobile applications securely and at scale through features like analytics, backend logic, and push notifications.
Similar to Side Channel Leaks in Mobile Applications (20)
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLESanfaltahir1010
Image: Include an image that represents the concept of precision, such as an AI helix or a futuristic healthcare setting.
Objective: Provide a foundational understanding of precision medicine and its departure from traditional approaches.
Role of theory: Discuss how genomics, the study of an organism's complete set of AI, plays a crucial role in precision medicine.
Customizing treatment plans: Highlight how genetic information is used to customize treatment plans based on an individual's genetic makeup.
Examples: Provide real-world examples of successful application of AI such as genetic therapies or targeted treatments.
Importance of molecular diagnostics: Explain the role of molecular diagnostics in identifying molecular and genetic markers associated with diseases.
Biomarker testing: Showcase how biomarker testing aids in creating personalized treatment plans.
Content:
• Ethical issues: Examine ethical concerns related to precision medicine, such as privacy, consent, and potential misuse of genetic information.
• Regulations and guidelines: Present examples of ethical guidelines and regulations in place to safeguard patient rights.
• Visuals: Include images or icons representing ethical considerations.
Real-world case study: Present a detailed case study showcasing the success of precision medicine in a specific medical scenario.
Patient's journey: Discuss the patient's journey, treatment plan, and outcomes.
Impact: Emphasize the transformative effect of precision medicine on the individual's health.
Objective: Ground the presentation in a real-world example, highlighting the practical application and success of precision medicine.
Data challenges: Address the challenges associated with managing large sets of patient data in precision medicine.
Technological solutions: Discuss technological innovations and solutions for handling and analyzing vast datasets.
Visuals: Include graphics representing data management challenges and technological solutions.
Objective: Acknowledge the data-related challenges in precision medicine and highlight innovative solutions.
How Can Hiring A Mobile App Development Company Help Your Business Grow? - ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf - Baha Majid
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
A neural network is a machine learning program, or model, that makes decisions in a manner similar to the human brain, by using processes that mimic the way biological neurons work together to identify phenomena, weigh options and arrive at conclusions.
8 Best Automated Android App Testing Tool and Framework in 2024.pdf - kalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Measures in SQL (SIGMOD 2024, Santiago, Chile) - Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Consistent toolbox talks are critical for maintaining workplace safety, as they provide regular opportunities to address specific hazards and reinforce safe practices.
These brief, focused sessions ensure that safety is a continual conversation rather than a one-time event, which helps keep safety protocols fresh in employees' minds. Studies have shown that shorter, more frequent training sessions are more effective for retention and behavior change compared to longer, infrequent sessions.
Engaging workers regularly, toolbox talks promote a culture of safety, empower employees to voice concerns, and ultimately reduce the likelihood of accidents and injuries on site.
The traditional method of conducting safety talks with paper documents and lengthy meetings is not only time-consuming but also less effective. Manual tracking of attendance and compliance is prone to errors and inconsistencies, leading to gaps in safety communication and potential non-compliance with OSHA regulations. Switching to a digital solution like Safelyio offers significant advantages.
Safelyio automates the delivery and documentation of safety talks, ensuring consistency and accessibility. The microlearning approach breaks down complex safety protocols into manageable, bite-sized pieces, making it easier for employees to absorb and retain information.
This method minimizes disruptions to work schedules, eliminates the hassle of paperwork, and ensures that all safety communications are tracked and recorded accurately. Ultimately, using a digital platform like Safelyio enhances engagement, compliance, and overall safety performance on site. https://safelyio.com/
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS - Tier1 app
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies - Quickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Side Channel Leaks in Mobile Applications
1. Side Channel Leaks in Mobile Applications
6th Infocom Mobile World Conference 2016
Ioannis Stais, IT Security Consultant
istais@census-labs.com
www.census-labs.com
3. > SIDE CHANNEL LEAKS - WHAT? WHY?
• Mobile App unintentionally exposes sensitive data through a side channel
• Arises as a side effect from the underlying mobile platform
• Commonly related to features that enhance app performance & to poorly implemented functionalities
• Leads to significant impact:
– Violates User Privacy
– Creates Legal, Regulatory, and Financial Risks
– Affects Corporate Reputation & Brand Image
13. > CONCLUSIONS
• Risk Mitigation
– Practice Privacy By Design: Be proactive
– Perform Security Assessments
– Communicate Openly & Effectively
– Make Your Privacy Policy Easily Accessible
– Empower users: Provide Choices & Controls
– Enforce Accountability
14. > CONCLUSIONS
• Limit Data Collection & Retention
– Don’t access or collect user data
– Shorten the life cycle of sensitive data
– Establish a data retention policy
– Delete user data promptly following the deletion of an account
• Mobile App internal processes may need to be examined and re-engineered