Application Security
Taewan Kang, Kevin Huangfu
Importance of Application Security
Did we get better?
According to IBM X-Force, the annual growth rate in disclosed application vulnerabilities was 60% from 1996 to 2006, and was only 9% from 2006 to 2014.
How did it improve?
More compliance standards are adopting secure coding practices.
Two-Factor Authentication
Multi-Factor Authentication
- One-Factor: Something the user knows (e.g. password)
- Two-Factor: Something the user has (e.g. verification code)
- Three-Factor: Something the user is (e.g. fingerprint scan)
How It Works
- A secondary check in addition to a password (one-factor)
- Uses tokens during a secondary authentication step
- Tokens
  - Hard Tokens: hardware devices that the user carries
  - Soft Tokens: software-based security tokens
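The secondary check described above, as an added example that is not part of the original slides: a server verifies the password and then a soft-token code, and refuses a code that was already used. It assumes the soft token is a time-based one-time password (RFC 6238), which the slides do not specify; `TwoStepLogin`, `totp` and `hash_password` are hypothetical names and all values are constructed.

```python
import hashlib, hmac, struct, time

STEP = 30  # seconds per code (assumed soft-token setting)

def totp(secret, at, digits=6):
    """Time-based one-time code (RFC 6238, HMAC-SHA1) as a soft token computes it."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:
    """Server-side record for one user: password hash plus shared token secret."""

    def __init__(self, password, salt, token_secret):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.token_secret = token_secret
        self.last_step = -1  # last time step already used, to block replay

    def login(self, password, code, now=None):
        now = time.time() if now is None else now
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        matched = None
        # Accept the current step and the previous one to tolerate clock drift.
        for step_no in (int(now) // STEP, int(now) // STEP - 1):
            expected = totp(self.token_secret, step_no * STEP)
            if step_no > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                matched = step_no
        if pw_ok and matched is not None:
            self.last_step = matched  # a code is good for one login only
            return True
        return False

def demo():
    # Constructed sample values; the secret is the RFC 6238 test key.
    user = TwoStepLogin("correct horse", b"constructed-salt", b"12345678901234567890")
    code = totp(b"12345678901234567890", 59)
    return [user.login("wrong", code, now=59),              # bad password
            user.login("correct horse", "000000", now=59),  # bad code
            user.login("correct horse", code, now=59),      # both factors
            user.login("correct horse", code, now=59)]      # replayed code

if __name__ == "__main__":
    print(demo())
```

Both checks must pass before the code is consumed, so a failed password attempt does not burn the user's current code.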
Mobile Authentication
- Hard Token
- Soft Token
- Three-Factor
Pros and Cons: Two-Factor
Pros:
- Provides high-level protection at reasonable costs (98% coverage)
- Easy to implement
- Many ways to implement
Cons:
- Less effective than three-factor authentication (99.99% coverage)
- Near useless if hackers hack into your method of secondary authentication
Web-Application Demonstration https://twofactorauthtest.herokuapp.com/
Simple Mail Transfer Protocol
- Simple Mail Transfer Protocol (SMTP)
- Internet standard for electronic mail
- SMTP servers are responsible for email delivery