Mobile Application Security Testing (MAST) project Keng Lee March 2016.

Presentation transcript:

Agenda
– A Glance
– The Mobile Application Security Testing White Paper
– The Following Works
Slide 2 (2016/03)

A Glance
Mobile Application Security Testing (MAST) project (April 2015)
Mobile Application Security Testing White Paper Proposal (April 2015 ~ October 2015)
– Reference mobility and App security "standards" (NIST SP, ISO 27034, OWASP, …). Execution environment, OS, App implementation and data transfer are in scope
– 15 meetings, 290 people joined, 620 comments
– 6 drafts were updated
Peer review (November 2015 ~ March 2016)
– Around 50 comments received and addressed
– 2 online discussion meetings
Slide 3 (2016/03)

Mobile Application Security Testing Initiative White Paper: TABLE OF CONTENTS
1. Introduction
1.1 Purpose and Scope
1.2 Initial Normative References
1.3 Preliminary Study
1.4 Content Structure
2. Mobile Apps Vetting Issues from Life Cycle Perspective
2.1 Mobile Computing and Apps Security Challenge
2.2 3rd Party App Derived Security Issues
3. Mobile Apps Development Management
4. Mobile Apps Coding and Audit Management Security Issues
4.1 Intentional Misconduct
4.2 Negligence
4.3 Native Problem
5. Mobile App Vetting Process
5.1 Mobile App Vetting Scheme
5.2 Mobile App Security Items (APP Development Security Item Classification)
– Privacy Handling - Privilege Misuse
– Privacy Handling - Improper Information Disclosure
– Native Security - API/Library Native Risk
– Native Security - App Collusion Activity
– Native Security - Development Obfuscation Concern
– Protection Requirement - Connection Encryption Strength
– Protection Requirement - Data Storage Status
– Execution Environment - Power Consumption Problem
5.3 Mobile App Management Life Cycle
5.4 Technological Vetting Process and Procedure - Basic Definition, Requirements and Objectives
5.5 Technological Vetting Process and Procedure - Vetting Content Classifying and Rating
5.6 Technological Vetting Process and Procedure - Vetting Process and Flow
5.7 Management Cycle of Vetting Process and Procedure
Slide 4 (2016/03)

What is next: promote the "CSA STAR Mobile App Security Certification"
1. Set up the "STAR Mobile App Security Certification Project"
2. Define the "STAR Mobile App Security Certification" framework
3. Create a CSA CCM addendum for the Mobile App Security Certification set
4. Design the training courses
5. Pilot sites
Slide 5 (2016/03)

STAR Mobile App Security Certification Project
Co-Chair: Eric Wang
Co-Chair: Douglas Lee
Co-chair profiles as listed on the slide:
– Head, Solution Architecture, Strategic Technology Partners, Amazon Web Services; professional focus: cloud computing, governance, information security and technology management; CISA, CISM, CGEIT, CIP
– CEO, Gapertise, Taiwan; Advisor, Mobility Security Council, Gov't of Taiwan; research domain: UWCE/UWSE, MRM, VM; open source (Linux), ERP, e-Business
Slide 6 (2016/03)

We are the initiator, you are the creator: join the STAR Mobile App Security Certification Project.