Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016

•Download as PPTX, PDF•

0 likes•121 views

Mobile Top 10 2016-M2 -Insecure Data Storage. .This new category is a combination of M2 + M4 from Mobile Top Ten 2014. This covers insecure data storage and unintended data leakage.

Simulation & Tutorial
INSECURE DATA STORAGE
by Mobile Top 10 2016 OWASP
Rizal Aditya
rizaladitya20@yahoo.co.id

M2 - Insecure Data Storage
This new category is a combination of M2 + M4 from Mobile Top Ten 2014.
This covers insecure data storage and unintended data leakage.
 This category insecure data storage and unintended data leakage. Data
stored insecurely includes, but is not limited to, the following:
 SQL databases;
 Log files;
 XML data stores ou manifest files;
 Binary data stores;
 Cookie stores;
 SD card;
 Cloud synced.

A. Tools
1. OS Windows 7 Proffesional x64 bit.
2. Genymotion Android Emulator 3.0.3
3. Oracle VM VirtualBox 6.0.4 (Include during Genymotion installation)
4. Root Checker (root-checker-6-4-7.apk)
5. DIVA Damn Insecure and Vulnerable App. apk (diva-beta.apk). Download
in references [1].

B. Install
Genymotion Android Emulator
1. Download an application Genymotion Android Emulator in
https://www.genymotion.com/fun-zone/. In this practise use TRIAL version (only
30 days).
2. Then run and install.

C. Shell Android Debug Brigde (ADB) Configuration
1. Add the adb location path to the Variables Environment. Control Panel - System -
"Advanced system settings". Advanced tab - Environment Variables. Click PATH,
then click edit, and add the location path adb.exe (Genymotion).
2. %PY_HOME%;%PY_HOME%Lib;%PY_HOME%DLLs;%PY_HOME%Liblib-
tk;C:Program Files (x86)Nmap;C:Program FilesGenymobileGenymotiontools

D. How to run Genymotion emulator.
 Install one of the emulator phones on Genymotion. Then run by selecting three
points, and click start.

F. Root Android (root-checker-6-4-7.apk)

G. DIVA (Damn Insecure and Vulnerable App) APK
 For installation, click and hold the file then drag the apk file (diva-beta.apk) into the
emulator. Wait until the installation process is complete.
 If the apk file is successfully installed, a DIVA shortcut will appear in the emulator. Click to
run it.

H. Command Shell & Configuration
1. Test whether adb is connected. Check IP on Android system status. PORT
5555 Default Genymotion.
Adb connect 192.168.5.4:5555
1. Run the adb shell > adb shell

Insecure Data Storage (M2)
Technique 1: Stolen Device Technique 2: Malicious App
Source: https://www.vaadata.com/blog/mobile-application-security-explained-simply-episode-2/

Insecure Data Storage (M2)
• The data of an Android application is stored at the location /data/data/<package_name>.
• Shared Preference is a way to store data of an Android app in the form of value, key pair.
Source: https://tools.androidtamer.com/Training/DIVA/03_Insecure_Data_Storage_P1/

Insecure Data Storage (M2)
1. Create Database 2. Save data
Source: https://tools.androidtamer.com/Training/DIVA/04_Insecure_Data_Storage_P2/

Insecure Data Storage (M2)
Source: https://tools.androidtamer.com/Training/DIVA/05_Insecure_Data_Storage_P3/

Insecure Data Storage (M2)
Source: https://tools.androidtamer.com/Training/DIVA/06_Insecure_Data_Storage_P4/

References
 https://www.owasp.org/index.php/Mobile_Top_10_2016-M2-
Insecure_Data_Storage
 https://payatu.com/damn-insecure-and-vulnerable-app
 https://www.vaadata.com/blog/mobile-application-security-explained-simply-
episode-2
 https://tools.androidtamer.com/Training/DIVA/

The document discusses the results of analyzing the security of over 50 iOS and Android apps. Several common issues were found, including insecure data storage techniques like storing sensitive data in plaintext files, insufficient transport layer security from improperly overriding default TLS implementations, and unintentional data leakage through background iOS screenshots. Recommendations are provided to address each issue, such as using encryption to store sensitive data and relying on the framework's default TLS validation.

2015.04.24 Updated > Android Security Development - Part 1: App Development

Cheng-Yi Yu

This document discusses various aspects of securing Android app development, including: - Setting debuggable and backup permissions to false to prevent unauthorized access. - Clearing the clipboard when leaving an app to avoid content being copied elsewhere. - Only requesting necessary permissions and removing unneeded ones over time. - Encrypting databases using SQLCipher or the SQLite Encryption Extension. - Verifying SSL certificates and encrypting network traffic using HTTPS. - Performing cryptography in C/C++ via the Android NDK for increased security. - Generating secure access tokens, passwords, and keys using techniques like hardware IDs and scrambling. - Validating user input through secure hashing algorithms.

Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...

Consulthinkspa

This document discusses Android key management and cryptography. It covers symmetric and asymmetric encryption algorithms like AES and RSA. It describes using the Android Keystore to securely store cryptographic keys and how PBKDF2 can be used to derive keys from passwords. It also demonstrates how apps can be reversed to extract hardcoded keys and discusses more secure alternatives like storing keys on a server.

Internet explorer tech support call 1 866-757-9494

Tech Cillin

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014

Anant Shrivastava

This presentation talks about OWASP Mobile Risk M2 i.e. Insecure Data Storage. The agenda of the presentation is to understand the Data Storage and effect of insecure data storage. Then it also had demo's of known insecure data storage flaws. Methods to identify this flaw and various precautions that a developer should take to prevent this flaw. The presentation was done as part of null/OWASP/G4H Monthly Meet

Koubei banquet 31Koubei UED

ALPSP Conference - Pierre Montagano - Code Ocean - Sept 14 2017

Code Ocean

‘Reproducibility and Reuse of Scientific Code’ - Pierre discussed why curating software so it can run is important for researchers and institutions. He also demonstrated Code Ocean, a executable code repository, that allows researchers not only to deposit their code but also all other dependencies in order for their scientific software to run. Using container technologies, code execution is agnostic to programming languages, versions or operating systems.

This document discusses various aspects of securing Android development including permissions, encryption, API management, and more. It addresses securing the USB, screen, clipboard, and databases. It recommends using Android NDK for cryptography to make analysis harder. API access should use randomly generated access tokens that are tied to the user ID and hardware ID and refreshed periodically. Encryption should be done with keys derived from random, hardware ID, and user-provided values.

Android Security

Mehrnaz Amoon

Intune/AADとLookout連携によるモバイル端末の管理と脅威対策

ID-Based Security イニシアティブ

Android tutorials2 android_tools_on_eclipse

Vlad Kolesnyk

This document provides instructions for setting up Android development tools on a computer without Eclipse. It outlines downloading and installing the Android SDK from the Android repository in Eclipse and installing additional IA32 libraries on Linux systems to allow Android tools to run properly without Eclipse. The steps include adding the Android repository URL in Eclipse, selecting all available packages to download, continuing the installation, and restarting Eclipse if any security warnings appear.

What is Android? How to develop apps?

Avinash Meetoo

Andriod Pentesting and Malware Analysis

n|u - The Open Security Community

The document provides an overview of Android OS basics, including its history and key components. It discusses understanding APKs, Android's security model, and includes a brief look at popular Android malware. It also covers reversing Android malware and pentesting the Android platform, with demos. The speaker will discuss Android OS, APKs, the security model, rooting, malware, and reversing tools.

Android Security

Robin De Croon

This document discusses Android security. It covers system and kernel level security features like process sandboxing and memory protection. It also discusses user security features such as device encryption, password hashing, and screen locks. Additionally, it examines Android application security mechanisms like permissions and Play Store verification. Finally, it analyzes recent Android security problems involving SMS vulnerabilities and processor exploits.

Windows 10

Ngi-NGN Online

This document discusses the security features of Windows operating systems. It provides an overview of security improvements in Vista, Windows 7, Windows 8, and Windows 10. Some key security features discussed include User Account Control, BitLocker, Credential Guard, Device Guard, and Windows Hello authentication. The presentation evaluates how these features help to address vulnerabilities and protect the operating system and user data.

Android Secure Coding

JPCERT Coordination Center

The document discusses secure coding practices for Android app development. It begins with an introduction that notes the growing number of Android users and prevalence of Android vulnerabilities reported in news headlines. The document then covers various categories of Android app security issues and explores examples of specific vulnerabilities, including unintended activity exposure, local servers accessible to other apps, and unintended content provider exposure. Root causes and solutions are provided for each vulnerability along with references for developers. The goal is to help developers learn from real-world examples and avoid common vulnerabilities through secure coding techniques.

Hacker-powered Software Development

Assembla

This document discusses hacker-powered software development and continuous delivery that meets security needs. It introduces Jacek Materna from Assembla and Luke Tucker from HackerOne, who will discuss incorporating security testing by hackers into the software development lifecycle (SDLC). Open source code is now a major part of most software, but can be difficult to control from a security perspective. The presentation recommends integrating vulnerability assessments and hackers into regular testing in development, build, package, and deployment stages. Assembla's use of HackerOne for bounty programs is provided as a case study.

Android Security & Penetration Testing

Subho Halder

December2016 patchtuesdayshavlik

LANDESK

This document summarizes a webinar on the December 2016 Patch Tuesday updates. It provides an agenda for the webinar including an overview of the December patches, known issues, and bulletins. It then lists details on several Microsoft and Adobe security updates released on Patch Tuesday, including the impacted products, descriptions of the vulnerabilities fixed, severity ratings, and whether a restart is required.

IE Exploit Protection

Kim Jensen

All of the endpoint protection products tested were unable to fully block the Internet Explorer zero-day exploit, with some blocking URL access or detecting malware payloads after exploitation. Kaspersky blocked and warned on URL access while Sophos warned but did not properly block. For exploit blocking, only Kaspersky was able to fully block the exploit code from executing. Malware detection abilities varied, with some products quarantining payloads after execution.

January2017 patchtuesdayshavlik

LANDESK

This document summarizes an upcoming webinar about the January 2017 Patch Tuesday updates. The webinar will provide an overview of the January Patch Tuesday bulletins, known issues, best practices for deploying updates, and industry news. The document then summarizes the key updates being released, including updates for Windows 10, Office, Adobe Flash Player, Acrobat, and security updates for other products. It concludes by listing resources for getting Shavlik content updates, attending future webinars, and watching previous webinar recordings.

Android security - an enterprise perspective

Pietro F. Maggi

DEBUNKING ANDROID SECURITY MYTHS WITH DATA In this talk I’m presenting some hot topics for European Corporation in the process to adopt Android as COSU devices. How features introduced in Android 6.0, Google Mobile Services and third party extensions collaborate to provide to the market state of art solutions. This talk will answer to questions like: 1. Android threats, real or FUD? 2. Security updates, why are they critical for the Enterprise market 3. Security and Long Life Cycle of Android devices, what are the market best practices This session is powered by Zebra

[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...

hackersuli

"Van publikus iBoot exploit az iOS-hez!" Ha erre a mondatra nem vigyorogsz, gyere el és fogsz. Ha viszont zokognál, akkor arra is van okod - hogy miért, gyere el és megtudod :) A decemberi első* Hackersuli meetupon iOS-ről fogunk beszélni mind alkalmazáshekkelési/penteszter szemszögből, mind pedig abból nézve, hogy most akkor beadhatod-e nyugodt szívvel az iPhone-odat kijelzőcserére az araboknak a Nyugatinál.

The Seven Most Dangerous New Attack Techniques, and What's Coming Next

Priyanka Aash

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems. (Source: RSA USA 2016-San Francisco)

October2016 patchtuesdayshavlik

LANDESK

This document summarizes the October 2016 Patch Tuesday updates from Microsoft. It provides information on 42 security updates affecting Windows 10, Edge, Internet Explorer, and other Microsoft products. The updates fix critical vulnerabilities that could allow remote code execution or elevation of privilege. Administrators are advised to apply all security updates as soon as possible to protect systems.

Cyber Security and Open Source

POSSCON

Android security and penetration testing | DIVA | Yogesh Ojha

Yogesh Ojha

This document provides an overview of Android security and penetration testing. It discusses the Android runtime environment and application fundamentals. It then examines the contents of an Android APK file, including the AndroidManifest.xml and code files. The document outlines the Android sandbox security model and various tools for decompiling and analyzing APKs. It introduces the DIVA vulnerable Android app and demonstrates several common security issues like insecure data storage, input validation problems, and ways to capture network traffic.

Building Custom Android Malware BruCON 2013

Stephan Chenette

An expert in custom Android malware for penetration testing discussed building custom malware to bypass security controls. The speaker outlined their methodology which included researching existing malware techniques, probing the environment, uploading unmodified malware, and creating altered versions to evade detection. The talk covered functionality like autostarting, collecting device data, and communicating with command and control servers. Various scenarios were proposed like using vulnerable libraries or requesting all permissions to test security controls.

Pentesting Android Applications

Cláudio André

What's hot

Android Security Development

hackstuff

Android Security

Mehrnaz Amoon

Intune/AADとLookout連携によるモバイル端末の管理と脅威対策

ID-Based Security イニシアティブ

Android tutorials2 android_tools_on_eclipse

Vlad Kolesnyk

What is Android? How to develop apps?

Avinash Meetoo

Andriod Pentesting and Malware Analysis

n|u - The Open Security Community

Android Security

Robin De Croon

Windows 10

Ngi-NGN Online

Android Secure Coding

JPCERT Coordination Center

Hacker-powered Software Development

Assembla

Android Security & Penetration Testing

Subho Halder

December2016 patchtuesdayshavlik

LANDESK

IE Exploit Protection

Kim Jensen

January2017 patchtuesdayshavlik

LANDESK

Android security - an enterprise perspective

Pietro F. Maggi

[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...

hackersuli

The Seven Most Dangerous New Attack Techniques, and What's Coming Next

Priyanka Aash

October2016 patchtuesdayshavlik

LANDESK

Cyber Security and Open Source

POSSCON

What's hot (19)

Android Security Development

Android Security

Intune/AADとLookout連携によるモバイル端末の管理と脅威対策

Android tutorials2 android_tools_on_eclipse

What is Android? How to develop apps?

Andriod Pentesting and Malware Analysis

Android Security

Windows 10

Android Secure Coding

Hacker-powered Software Development

Android Security & Penetration Testing

December2016 patchtuesdayshavlik

IE Exploit Protection

January2017 patchtuesdayshavlik

Android security - an enterprise perspective

[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...

The Seven Most Dangerous New Attack Techniques, and What's Coming Next

October2016 patchtuesdayshavlik

Cyber Security and Open Source

Hematology Analyzer Machine - Complete Blood Count

shahdabdulbaset

The CBC machine is a common diagnostic tool used by doctors to measure a patient's red blood cell count, white blood cell count and platelet count. The machine uses a small sample of the patient's blood, which is then placed into special tubes and analyzed. The results of the analysis are then displayed on a screen for the doctor to review. The CBC machine is an important tool for diagnosing various conditions, such as anemia, infection and leukemia. It can also help to monitor a patient's response to treatment.

132/33KV substation case study Presentation

kandramariana6

Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024

Sinan KOZAK

Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.

LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant

Anant Corporation

原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样

ydzowc

原件一模一样【微信：bwp0011】《(Humboldt毕业证书)柏林大学毕业证学位证》【微信：bwp0011】学位证，留信认证（真实可查，永久存档）原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问微bwp0011 【主营项目】一.毕业证【微bwp0011】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微bwp0011】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...

IJECEIAES

Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to precisely delineate tumor boundaries from magnetic resonance imaging (MRI) scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The model is rigorously trained and evaluated, exhibiting remarkable performance metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical image analysis and enhance healthcare outcomes. This research paves the way for future exploration and optimization of advanced CNN models in medical imaging, emphasizing addressing false positives and resource efficiency.

The Python for beginners. This is an advance computer language.

sachin chaurasia

Recently uploaded (20)

Engineering Drawings Lecture Detail Drawings 2014.pdf

john krisinger-the science and history of the alcoholic beverage.pptx

Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...

BRAIN TUMOR DETECTION for seminar ppt.pdf

Manufacturing Process of molasses based distillery ppt.pptx

Advanced control scheme of doubly fed induction generator for wind turbine us...

Comparative analysis between traditional aquaponics and reconstructed aquapon...

Null Bangalore | Pentesters Approach to AWS IAM

Software Quality Assurance-se412-v11.ppt

22CYT12-Unit-V-E Waste and its Management.ppt

Certificates - Mahmoud Mohamed Moursi Ahmed

Electric vehicle and photovoltaic advanced roles in enhancing the financial p...

Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt

Hematology Analyzer Machine - Complete Blood Count

132/33KV substation case study Presentation

Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024

LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant

原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样

Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...

The Python for beginners. This is an advance computer language.

Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016

1. Simulation & Tutorial INSECURE DATA STORAGE by Mobile Top 10 2016 OWASP Rizal Aditya rizaladitya20@yahoo.co.id

2. M2 - Insecure Data Storage This new category is a combination of M2 + M4 from Mobile Top Ten 2014. This covers insecure data storage and unintended data leakage.  This category insecure data storage and unintended data leakage. Data stored insecurely includes, but is not limited to, the following:  SQL databases;  Log files;  XML data stores ou manifest files;  Binary data stores;  Cookie stores;  SD card;  Cloud synced.

3. A. Tools 1. OS Windows 7 Proffesional x64 bit. 2. Genymotion Android Emulator 3.0.3 3. Oracle VM VirtualBox 6.0.4 (Include during Genymotion installation) 4. Root Checker (root-checker-6-4-7.apk) 5. DIVA Damn Insecure and Vulnerable App. apk (diva-beta.apk). Download in references [1].

4. B. Install Genymotion Android Emulator 1. Download an application Genymotion Android Emulator in https://www.genymotion.com/fun-zone/. In this practise use TRIAL version (only 30 days). 2. Then run and install.

5. C. Shell Android Debug Brigde (ADB) Configuration 1. Add the adb location path to the Variables Environment. Control Panel - System - "Advanced system settings". Advanced tab - Environment Variables. Click PATH, then click edit, and add the location path adb.exe (Genymotion). 2. %PY_HOME%;%PY_HOME%Lib;%PY_HOME%DLLs;%PY_HOME%Liblib- tk;C:Program Files (x86)Nmap;C:Program FilesGenymobileGenymotiontools

6. D. How to run Genymotion emulator.  Install one of the emulator phones on Genymotion. Then run by selecting three points, and click start.

7. E. Mount Storage (SD Card)

8. F. Root Android (root-checker-6-4-7.apk)

9. G. DIVA (Damn Insecure and Vulnerable App) APK  For installation, click and hold the file then drag the apk file (diva-beta.apk) into the emulator. Wait until the installation process is complete.  If the apk file is successfully installed, a DIVA shortcut will appear in the emulator. Click to run it.

10. H. Command Shell & Configuration 1. Test whether adb is connected. Check IP on Android system status. PORT 5555 Default Genymotion. Adb connect 192.168.5.4:5555 1. Run the adb shell > adb shell

11. Insecure Data Storage (M2) Technique 1: Stolen Device Technique 2: Malicious App Source: https://www.vaadata.com/blog/mobile-application-security-explained-simply-episode-2/

12. Insecure Data Storage (M2) • The data of an Android application is stored at the location /data/data/<package_name>. • Shared Preference is a way to store data of an Android app in the form of value, key pair. Source: https://tools.androidtamer.com/Training/DIVA/03_Insecure_Data_Storage_P1/

13. Insecure Data Storage (M2) 1. Create Database 2. Save data Source: https://tools.androidtamer.com/Training/DIVA/04_Insecure_Data_Storage_P2/

14. Insecure Data Storage (M2) Source: https://tools.androidtamer.com/Training/DIVA/05_Insecure_Data_Storage_P3/

15. Insecure Data Storage (M2) Source: https://tools.androidtamer.com/Training/DIVA/06_Insecure_Data_Storage_P4/

16. References  https://www.owasp.org/index.php/Mobile_Top_10_2016-M2- Insecure_Data_Storage  https://payatu.com/damn-insecure-and-vulnerable-app  https://www.vaadata.com/blog/mobile-application-security-explained-simply- episode-2  https://tools.androidtamer.com/Training/DIVA/

Editor's Notes

Insecure Data Storage atau Penyimpanan Data Tidak Aman, dapat digambarkan sebagaimana 2 contoh teknik berikut: Teknik 1 konvensional, dimana perangkat dicuri secara fisik, dan mengambil data / PII (Personally Identifiable Information) melalui koneksi device dengan PC. Teknik ini membutuhkan usaha yg keras untuk melakukannya. PII =informasi yang dapat diidentifikasi secara pribadi. Meskipun device dicuri, device2 saat ini mulai ditanamkan smart software seperti pada perangkat Apple dan Android, Remote Lock My Device/Passcode Lock, atau Find My Device untuk menemukan posisi lokasi device yang dicuri, atau remote reset phone. Teknik 2, modern: Melakukan jailbreak yang tertanam aplikasi jahat/malicious,. Aplikasi jahat dapat menyimpan dan mengirim data/informasi sensitif seperti username, password, akun keuangan dll maupun aktivitas korban kepada pelaku. Data dikirim ke server pelaku melalui jaringan yang terhubung ke internet. Selanjutnya akan kita coba skenario, bagaimana data / informasi sensitif ini dapat diakses.>>

Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016

Similar to Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016 (20)

Recently uploaded

Recently uploaded (20)

Simulation and Tutorial M2 Insecure Data Storage by OWASP Mobile 2016

Editor's Notes