James F. Fox MENA Cyber Security Practice Lead Presenters Cyber Security in a Mobile and “Always-on” World Booz | Allen | Hamilton.


1 James F. Fox MENA Cyber Security Practice Lead Presenters Cyber Security in a Mobile and “Always-on” World Booz | Allen | Hamilton

2 Let me tell you a story… About a man… … his phone…

3 … and his Bank. Normally this is a private affair… Normally.

4 Today is something different Someone is watching Everything on the phone EVERYTHING…

5 So when the man uses his phone to do a money transfer… …Something different is happening today

6 Someone is in the middle with a front row seat to everything …This watcher sees what they see… … anything that happens on the phone… … data, SMS, transmissions… …anything. How Did This Happen? This means that they can do whatever the man can do

7 The man’s phone has been hacked… … and now gives up all of its secrets.

8 Who does this? But more and more… …it’s a team… …who isn’t? Single Hackers Script Kiddies A better question… …and a Business Hacker, Inc. For All Your Nefarious Needs Over 5,000,000 Hacked

9 Today hacking is self service …and it is just getting started. About as difficult as buying on Amazon… How-to Guides; Custom Made Malware; “Renting” Infected Machines. Today cyber attacks are: Easy to build; Use highly paid specialists; Highly distributed; “For Profit”

10 How can the enterprise protect itself? Mobile App Data In-motion Mobile Backend You need to protect it all. Any vulnerability at any layer creates a path to a successful exploit

11 Bad actors take advantage of all of the vulnerabilities… Mobile Comms Mobile App Backend Infrastructure Application Back Doors Decompiling an Application Abuse of a Device Feature Successful Exploit Borrowed or Stolen Device Mobile Web Service Attack …so you have to protect against all of them

12 Mobile Application Mobile Communication Backend Infrastructure Borrowed or Stolen Device Application Back Doors Mobile Web Service Attack Decompiling an Application Abuse of a Device Feature Successful Exploit We need to develop strategies that address each of the threats Protection or Control

13 How do they hack a phone? How Can a Phone Hack Happen? Stolen Device Installing a Malicious App Attacks on the Mobile Backend Modifying a Trusted App Abuse of a Device Feature There are 5 ways… … and only one needs to work

14 There are ten mobile app vulnerabilities to address… Source: OWASP. 1) Insecure Data Storage; 2) Weak Server Side Controls; 3) Transport Layer Penetration; 4) Client Side Injection; 5) Poor Authentication; 6) Improper Session Handling; 7) Security Decisions via Untrusted Inputs; 8) Side Channel Leakage; 9) Broken Encryption; 10) Sensitive Data Disclosure

15 Key Mobile Security “Take Aways”: 6 Key Points To Remember. There is no Silver Bullet to Mobile App Security; Use Defense-in-Depth; Follow a Stringent Process During App Dev; Do not Integrate Mobile Apps Directly into the Enterprise; Test, Test, Test…; Third Party Code Review & Pen-Testing

16 James F. Fox MENA Cyber Security Practice Lead +971 56 688 6043 Mobile fox_james@bah.com Presenters Thank You!
