Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Application Security Testing (MAST) project Keng Lee March 2016.

Published byKerry Fowler Modified over 8 years ago

Similar presentations

Presentation on theme: "Mobile Application Security Testing (MAST) project Keng Lee March 2016."— Presentation transcript:

1 Mobile Application Security Testing (MAST) project Keng Lee G@apertise March 2016

2 Agenda A Glance The Mobile Application Security Testing White Paper The Following Works 2016/03 2

3 A Glance Mobile Application Security Testing (MAST) project (April, 2015) Mobile Application Security Testing White Paper Proposal (April 2015 ~ October. 2015) –Reference mobility and App security "standard" (NIST-SP800- 163, ISO 27034, OWASP, …). Execution Environment, OS, App Implantation, Data transfer are under the scope –15 meetings, 290 people joined, 620 comments –6 drafts were updated Peer review (November 2015 ~ March 2016) –50s comments and modified –2 online discussion meetings 2016/03 3

4 5. Mobile App Vetting Process 5.1 Mobile App Vetting Scheme 5.2 Mobile App Security Items 5.2.1 Privacy Handling - Privilege Misuse 5.2.2 Privacy Handling - Improper Information Disclosure 5.2.3 Native Security - API/Library Native Risk 5.2.4 Native Security - App Collusion Activity 5.2.5 Native Security - Development Obfuscation Concern 5.2.6 Protection Requirement - Connection Encryption Strength 5.2.7 Protection Requirement - Data Storage Status 5.2.8 Execution Environment - Power Consumption Problem 5.2.9 APP Development Security Item Classification 5.3 Mobile App Management Life Cycle 5.4 Technological Vetting Process and Procedure - Basic Definition Requirements and Objectives 5.5 Technological Vetting Process and Procedure - Vetting Content Classifying and Rating 5.6 Technological Vetting Process and Procedure - Vetting Process and Flow 5.7 Management Cycle of Vetting Process and Procedure 1. Introduction 1.1 Purpose and Scope 1.2 Initial Normative References 1.3 Preliminary Study 1.4 Content Structure 2. Mobile Apps Vetting Issues from Life Cycle Perspective 2.1 Mobile Computing and Apps Security Challenge 2.2 3rd Party App Derived Security Issues 3. Mobile Apps Development Management 4. Mobile Apps Coding and Audit Management Security Issues 4.1 Intentional Misconduct 4.2 Negligence 4.3 Native Problem Mobile Application Security Testing Initiative White Paper TABLE OF CONTENTS 2016/03 4

5 What is the next Promote “ CSA STAR Mobile App Security Certification” 1.Set the “STAR Mobile App Security Certification Project” 2.Define “STAR Mobile App Security Certification” Framework 3.Create CSA CCM Addendum for Mobile App Security Certification set 4.Design the Training courses 5.Pilot sites 2016/03 5

6 STAR Mobile App Security Certification Project Head, Solution Architecture, Strategic Technology Partners, Amazon Web Services Professional –cloud computing, governance, information security and technology management CISA, CISM, CGEIT, CIP CEO, Gapertise, Taiwan Advisor, Mobility Security Council, Govn't of Taiwan Research domain –UWCE/UWSE, MRM, VM, –Open source (Linux), ERP, e Business 2016/03 6 Co-Chair Eric Wang Co-Chair Douglas Lee

7 We are the initiator you are the creator join STAR Mobile App Security Certification Project csa-apac-research@cloudsecurityalliance.org

Download ppt "Mobile Application Security Testing (MAST) project Keng Lee March 2016."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Digital Rights Management © Knowledge Books & Software, 2012.

Digital Rights Management © Knowledge Books & Software, 2012.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Www.cloudsecurityalliance.org Copyright © 2012 Cloud Security Alliance Conference Announcements.

Copyright © 2012 Cloud Security Alliance Conference Announcements.
Presented by: Nick McHugh Date: 15/11/2005 Security, Safety, Confidence.

Presented by: Nick McHugh Date: 15/11/2005 Security, Safety, Confidence.
Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective.

Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective.
SQA Work Procedures.

SQA Work Procedures.
1 Digital Circulation Marketing Marketing ROI Project Discovery Phase Update 14 th July 2011.

1 Digital Circulation Marketing Marketing ROI Project Discovery Phase Update 14 th July 2011.
Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.
United States Department of Justice www.it.ojp.gov/global Global Privacy and Information Quality Working Group Chairman Carl Wicklund.

United States Department of Justice Global Privacy and Information Quality Working Group Chairman Carl Wicklund.
Best Practices Working Group June 19-21, 2001 Munich, Germany.

Best Practices Working Group June 19-21, 2001 Munich, Germany.
1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, 29.10.2001 Peter Gietz

1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, Peter Gietz
Windows 2000 Security Policies & Practices: How to build your plan Mandy Andress, CISSP President ArcSec Technologies.

Windows 2000 Security Policies & Practices: How to build your plan Mandy Andress, CISSP President ArcSec Technologies.
SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.

SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Introduction to the ISO 27000 series ISO 27000 – principles and vocabulary (in development) ISO 27001 – ISMS requirements (BS7799 – Part 2) ISO 27002 –

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –
Strengthening capacities of Supreme Audit Institutions Transregional Capacity Building Programme for Audit of Public Debt Management Public Debt Working.

Strengthening capacities of Supreme Audit Institutions Transregional Capacity Building Programme for Audit of Public Debt Management Public Debt Working.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
ISO 14001 training courses Developed by DOE and IBRAE RAN and conducted at the Training Center “Emergency Response” of the Institute for Advanced Training.

ISO training courses Developed by DOE and IBRAE RAN and conducted at the Training Center “Emergency Response” of the Institute for Advanced Training.

Similar presentations

Ads by Google