
Slide 1: OWASP Mobile Security Project: Top 10 Mobile Security Threats 2014
Neil Dixley, @neildixley, www.neildixley.com
29 Sept 2015
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org

Slide 2: Introduction
Previously:
- In a movie, 'fly me to heaven', with Cat from Red Dwarf
- Platform Team for First Union National Bank
- Tombola
- Sage
Currently:
- At Atom Bank in Durham

Slide 3: Tonight's Agenda
- Mobile security?
- OWASP Mobile Security Project
- A run-down of the top ten mobile threats
- Interspersed with some of the other resources available from OWASP
- Go to the pub

Slide 4: OWASP Mobile Security Project
...is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications.
The OWASP Mobile Security Project was announced in Q3 2010.
- Top 10 Mobile Threats
- Emmy's
- Tools
- Cheat Sheets

Slide 5

Slide 6: M1 - Weak Server Side Controls
- Basically it's the server team's fault
- Implement an SDLC on the server team
- Start with the OWASP Top 10

Slide 7: M2 - Insecure Data Storage
- Don't store anything on the device
- Use OAuth 2 for authentication

Slide 8: M3 - Insufficient Transport Layer Protection
- Know and trust your certificates
- Don't use insecure channels like SMS
- Certificate pinning
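The "certificate pinning" bullet, worked through as an added example for an Android client using OkHttp's CertificatePinner. This is illustration written for this transcript, not code from the slides or from the OWASP Mobile Security Project; the hostname, the URL path and the two pin values are placeholders that must be replaced with the SHA-256 hashes of your own server's public keys.

```java
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

// Added example: an HTTP client that refuses any TLS connection whose chain
// does not contain a pinned public key, even if the system trust store would
// otherwise accept the certificate.
public final class PinnedClient {
    // Placeholders (assumption): real deployments pin the base64 SHA-256 of
    // the server's SubjectPublicKeyInfo, plus a backup key held offline.
    static final String API_HOST = "api.example.com";
    static final String PRIMARY_PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
    static final String BACKUP_PIN  = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=";

    static OkHttpClient build() {
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(API_HOST, PRIMARY_PIN)
                // A backup pin lets the server rotate its key without locking
                // every installed app out of the API.
                .add(API_HOST, BACKUP_PIN)
                .build();
        return new OkHttpClient.Builder()
                .certificatePinner(pinner)
                .build();
    }

    public static void main(String[] args) {
        OkHttpClient client = build();
        Request request = new Request.Builder()
                .url("https://" + API_HOST + "/v1/ping")   // path is a placeholder
                .build();
        try (Response response = client.newCall(request).execute()) {
            System.out.println("pinned connection OK: HTTP " + response.code());
        } catch (SSLPeerUnverifiedException e) {
            // OkHttp throws this when no pin matches. Treat it as a hard
            // failure: never retry with an unpinned client, and never let the
            // user "accept" the certificate.
            System.err.println("certificate pin mismatch for " + API_HOST + ": " + e.getMessage());
        } catch (IOException e) {
            System.err.println("network error: " + e.getMessage());
        }
    }
}
```

To compute a pin from the live server you can run `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64`; OkHttp's mismatch exception message also lists the pins it actually saw in the chain, which is handy during development. Pinning only helps if the pin set is maintained: a key rotation with no backup pin in the shipped app is a self-inflicted outage.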

Slide 9: M4 - Unintended Data Leakage
- What are you logging?
- String constants
- Cryptography keys

Slide 10: Tools Part 1
- iMAS
- MobiSec
- Slaughtered Goats

Slide 11: MobiSec

Slide 12: iMAS - iOS Mobile Application Security

Slide 13: Slaughtered Goats

Slide 14: M5 - Poor Authorisation and Authentication
- No local authentication
- Use a device-specific token
- Avoid spoof-able metrics

Slide 15: M6 - Broken Cryptography
- You didn't make up your own, did you?
- Hard-coded keys
- Deprecated algorithms

Slide 16: M7 - Client Side Injection
- WebViews still vulnerable
- Data read from SQLite or local databases
- Classic 'C' code overruns
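The first two bullets above, shown as an added Android example that is not from the slides or from OWASP: a local SQLite query built by string concatenation beside its parameterised form, and the restrictive WebView settings a view for non-app-authored content should start from. The `notes` table, the `ClientInjection` class and its method names are assumptions for illustration.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.webkit.WebSettings;
import android.webkit.WebView;

// Added example: client-side injection in an Android app and the fix.
public final class ClientInjection {

    // VULNERABLE: the search term is spliced into the SQL text, so a term that
    // contains a quote character ends the string literal and whatever follows
    // is parsed as SQL. This holds even when the term was read back from the
    // app's own database, a content provider or a file: local data is only as
    // trustworthy as whatever wrote it in the first place.
    static Cursor searchNotesUnsafe(SQLiteDatabase db, String term) {
        String sql = "SELECT id, body FROM notes WHERE body LIKE '%" + term + "%'";
        return db.rawQuery(sql, null);
    }

    // FIXED: the term travels as a bound parameter. SQLite receives the SQL
    // text and the value separately, so the value can never alter the query.
    static Cursor searchNotesSafe(SQLiteDatabase db, String term) {
        return db.rawQuery("SELECT id, body FROM notes WHERE body LIKE ?",
                new String[] { "%" + term + "%" });
    }

    // WebView hardening: start from the most restrictive settings and relax
    // only what the content genuinely needs. Each setter below is a real
    // android.webkit.WebSettings method.
    static void hardenWebView(WebView view) {
        WebSettings s = view.getSettings();
        s.setJavaScriptEnabled(false);    // enable only for pages that require it
        s.setAllowFileAccess(false);      // web content may not load file:// URLs
        s.setAllowContentAccess(false);   // nor content:// URLs from providers
        // Also: do not expose app objects via addJavascriptInterface() to a
        // view that can load pages the app did not author, and validate any
        // URL (scheme and host) before handing it to loadUrl().
    }
}
```

The `%` and `_` characters in the bound term still act as LIKE wildcards; that is a functional quirk, not an injection, and is handled by escaping them with `ESCAPE` if exact matching matters. For the third bullet (native code overruns) the same rule applies in a different form: length-check every buffer the C layer receives from Java or from a file before copying it.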

Slide 17: M8 - Security Decisions by Untrusted Inputs
- Inter-process communication vulnerabilities
- Workflow resources
- Serialization

Slide 18: Tools Part 2
- NowSecure Lab: Community Edition
- OWASP SeraphimDroid Project
- Cheat Sheets

Slide 19: NowSecure Lab: Community Edition

Slide 20: OWASP SeraphimDroid Project

Slide 21: Cheat Sheets
- Cheat sheets provide the information most relevant to a developer or security engineer with minimal "fluff"
- Device-specific mitigations

Slide 22: M9 - Improper Session Handling
- Failure to invalidate sessions
- Timeout and background handling
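Both bullets above as an added example, written for this transcript rather than taken from the slides or from OWASP: a small session guard for a mobile client that enforces an idle timeout and an absolute lifetime, treats time spent in the background as idle time, and on logout revokes the token on the server before clearing the device copy. The class, its two interfaces and the timeout values are assumptions chosen for illustration.

```java
import java.util.concurrent.TimeUnit;

// Added example: session lifetime handling on the client side.
public final class SessionGuard {
    // Assumed policy values; real values come from your risk assessment.
    static final long IDLE_TIMEOUT_MS = TimeUnit.MINUTES.toMillis(5);
    static final long ABSOLUTE_TIMEOUT_MS = TimeUnit.HOURS.toMillis(8);

    /** Where the app keeps its token (assumed; ideally Keystore-backed). */
    interface TokenStore { void clear(); }
    /** Server-side revocation call (assumed endpoint). */
    interface Api { void revoke(String token); }

    private final TokenStore store;
    private final Api api;
    private String token;       // null when no session is active
    private long issuedAtMs;
    private long lastActiveMs;

    SessionGuard(TokenStore store, Api api) { this.store = store; this.api = api; }

    void onLogin(String newToken, long nowMs) {
        token = newToken;
        issuedAtMs = nowMs;
        lastActiveMs = nowMs;
    }

    /** Call on every user interaction or authenticated request. */
    void touch(long nowMs) { if (token != null) lastActiveMs = nowMs; }

    /**
     * Call from the app's foreground callback. Nothing calls touch() while the
     * app is in the background, so a long stay there shows up as idle time and
     * forces re-authentication. Returns false when the user must log in again.
     */
    boolean onForeground(long nowMs) {
        if (token == null) return false;
        boolean idle = nowMs - lastActiveMs > IDLE_TIMEOUT_MS;
        boolean expired = nowMs - issuedAtMs > ABSOLUTE_TIMEOUT_MS;
        if (idle || expired) {
            logout();
            return false;
        }
        return true;
    }

    /**
     * Explicit logout. Revoke on the server first: clearing only the local
     * copy leaves a token that is still valid for anyone who captured it.
     * The device copy is cleared even if the revocation call throws.
     */
    void logout() {
        if (token == null) return;
        try {
            api.revoke(token);
        } finally {
            store.clear();
            token = null;
        }
    }

    boolean isActive() { return token != null; }

    // Stand-alone walk-through with a simulated clock and in-memory stubs.
    public static void main(String[] args) {
        SessionGuard guard = new SessionGuard(
                () -> System.out.println("local token cleared"),
                t -> System.out.println("server asked to revoke " + t));
        long t0 = 0L;
        guard.onLogin("constructed-session-token", t0);
        guard.touch(t0 + TimeUnit.MINUTES.toMillis(1));
        System.out.println("back after 3 min, still active: "
                + guard.onForeground(t0 + TimeUnit.MINUTES.toMillis(3)));   // true
        System.out.println("back after 10 min, still active: "
                + guard.onForeground(t0 + TimeUnit.MINUTES.toMillis(10)));  // false, idle timeout
        System.out.println("session active: " + guard.isActive());          // false
    }
}
```

The detail worth copying is the `finally` in `logout()`: the local token must go away whether or not the network call succeeds, and the server must keep its own expiry so that a client that never calls `revoke` (crashed, uninstalled, tampered with) does not hold a session forever.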

Slide 23: M10 - Lack of Binary Protections
- Obfuscation is difficult
- OWASP RECMPP

Slide 24: Get Involved!
- Join the mailing lists
- Submit to the mailing lists
- Write open source code
- Present at an OWASP chapter

Slide 25: Conclusion
- I only do this for the free beer
