Presentation is loading. Please wait.

Presentation is loading. Please wait.

Canberra OWASP Chapter meeting

Published byLindsey Shields Modified over 6 years ago

Similar presentations

Presentation on theme: "Canberra OWASP Chapter meeting"— Presentation transcript:

1 Canberra OWASP Chapter meeting
Andrew Muller Canberra Chapter Leader 19th July 2012

2 Chapter meetings First Wednesday every three months* Next meetings: 4th August 2012 ??? 5th September th December th March 2013*

3 Comms Subscribe to OWASP Canberra mailing list Speak

4 News Formspring – ~?,000,000 accounts Phandroid forums - ~1,000,000 accounts Nvidia forums - ~400,000 accounts Billabong - ~35,000 password Yahoo Voice – ~450,000 passwords billabong, , 12345, passwords , password, welcome, ninja Stored in plaintext FFS!

5 Mobile Security Project
Threat Model Top Ten Risks Top Ten Controls Secure Development Security Testing (guide, GoatDroid, iGoat) Cheat Sheets

6 Top Ten Risks Insecure Data Storage Weak Server Side Controls
Insufficient Transport Layer Protection Client Side Injection Poor Authorization and Authentication Improper Session Handling Security Decisions Via Untrusted Inputs Side Channel Data Leakage Broken Cryptography Sensitive Information Disclosure

7 Top Ten Controls Identify and protect sensitive data on the mobile devices Handle password credentials securely on the device Ensure sensitive data is protected in transit Implement user authentication, authorisation and session management correctly Keep the backend APIs and platform secure Secure data integration with third party services and applications Pay attention to collection and storage of consent for collection and use of user’s data Implement controls to prevent unauthorised access to paid-for resources Ensure secure distribution/provisioning of mobile applications Carefully check any runtime interpretation of code for errors

8 Guest Speaker Jacob West Director Software Security Research at HP Enterprise Security Products

Download ppt "Canberra OWASP Chapter meeting"

Similar presentations

OWASP Mobile Top 10 Beau Woods

OWASP Mobile Top 10 Beau Woods
Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Do’s and Don’ts for web application developers

Do’s and Don’ts for web application developers
OWASP Top 10 Mobile Risks Appsec USA Minneapolis, MN

OWASP Top 10 Mobile Risks Appsec USA Minneapolis, MN
Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!

Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!
SEC835 OWASP Top Ten Project.

SEC835 OWASP Top Ten Project.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Man-In-The-Front Ray Kelly.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Man-In-The-Front Ray Kelly.
OWASP Principles for GIS Data Security Keeping your GIS data secure.

OWASP Principles for GIS Data Security Keeping your GIS data secure.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Metro (down the Tube) Security Testing Windows Store Apps Marion McCune – ScotSTS Ltd.

Metro (down the Tube) Security Testing Windows Store Apps Marion McCune – ScotSTS Ltd.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
PV213 Enterprise Information Systems in Practice 09 – Security, Configuration management PV213 EIS in Practice: 09 – Security, Configuration management.

PV213 Enterprise Information Systems in Practice 09 – Security, Configuration management PV213 EIS in Practice: 09 – Security, Configuration management.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Similar presentations

Ads by Google