Published by Nathalie Paquette. Modified over 5 years ago.
Sioux Falls OWASP Jan-2018 Mobile Attack Surface
About Me
  Shannon Hofer
  MetaBank
  25 Years in Software Development
  Banking, Logistics, Medical
  @76foxtrot
Three Attack Surfaces
  The Data Center
  The Network
  The Device
The Data Center
  Platform – Standard security patching and procedures
  Configs – Web servers..
  ** OWASP Top 10
The Network
  WiFi Encryption - None or weak
  Rogue Access Point - Who has a pineapple?
  Wiresharking
  MITM
  SSLStrip: Downgrade to HTTP
  Session Hijacking
  DNS Poisoning
  Fake Certs
The Device
  Preloaded Apps (Browser, Mail..)
  User Apps - why does the flashlight need my contacts?
  Phone/Network
  Operating System
  RF - Bluetooth and baseband
Preloaded Apps and User Apps
  Browser - Samsung issues with CORS
  Phishing
  Framing
  Link/Clickjacking
  Drive-By downloading (downloading without user knowing)
  MitMo (Meltdown/Spectre)
Phone/SMS
  SMSishing
  BaseBand attacks
  RF (bluejacking, NFC..)
  Recent Hardware issues (Meltdown/Spectre)
  Rooting/JailBreaking
Operating System
  Each vendor maintains a list
  Load the updates
Resources
  NowSecure - Secure Mobile Development ebook
  NowSecure - 5 Mobile App MUST DOs in 2018 presentation
  Mobile Top 10
  Security Weekly Youtube Channel
Conclusion Thank