Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sioux Falls OWASP Jan-2018 Mobile Top 10

Published byEdwin Phillips Modified over 6 years ago

Similar presentations

Presentation on theme: "Sioux Falls OWASP Jan-2018 Mobile Top 10"— Presentation transcript:

1 Sioux Falls OWASP Jan-2018 Mobile Top 10

2 25 Years in Software Development Banking, Logistics, Medical
About Me Shannon Hofer MetaBank 25 Years in Software Development Banking, Logistics, Medical @76foxtrot

3 M1 - Improper Platform Use
Easy to Exploit Misuse or not using Keychain storage Android intents Follow platform guidelines

4 M2 - Insecure Data Storage
Easy to Exploit Not using secure storage Query String Sensitive Data

5 M3 - Insecure Communication
Easy to Exploit Please use HTTPS/TLS NFC/Bluetooth

6 M4 – Insecure Authentication
Easy to Exploit Hide account info Use Tokens(STS) Multifactor authentication

7 M5 - Insufficient Cryptography
Easy to Exploit Processes behind [en|de]cryption Proper algorithm (AES..)

8 M6 - Insecure Authorization
Easy to Exploit Server not checking authorization Server Config and SSL Device should not be the only thing checking

9 Dig deep into 3rd party libraries
M7 - Client Code Quality Difficult to Exploit Test inputs Dig deep into 3rd party libraries

10 Decompiling and adding backdoors then sending back to the app stores
M8 - Code Tampering Easy to Exploit Decompiling and adding backdoors then sending back to the app stores Add tamper proofing

11 M9 - Reverse Engineering
Easy to Exploit Use obfuscators Increase the logic complexity

12 M10 - Extraneous Functionality
Easy to Exploit Remove developer debug functions Code review process Clean Coding

13 Resources Mobile Top Top 10 NowSecure

14 Conclusion Thank

Download ppt "Sioux Falls OWASP Jan-2018 Mobile Top 10"

Similar presentations

Cracking the Code of Mobile Application OWASP APPSEC USA 2012

Cracking the Code of Mobile Application OWASP APPSEC USA 2012
OWASP Mobile Top 10 Beau Woods

OWASP Mobile Top 10 Beau Woods
Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!

Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!
An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Reverse Engineering v/s Secure Coding.. What is Secure Coding? Is Secure Coding simply avoiding certain already discovered vulnerable functions? Is Secure.

Reverse Engineering v/s Secure Coding.. What is Secure Coding? Is Secure Coding simply avoiding certain already discovered vulnerable functions? Is Secure.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Man-In-The-Front Ray Kelly.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Man-In-The-Front Ray Kelly.
Submitted by- Mr. Avinash Sadaphule 20 November 2009 Management Trainee, MKCL.

Submitted by- Mr. Avinash Sadaphule 20 November 2009 Management Trainee, MKCL.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.

IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.

CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.
The 10 Most Critical Web Application Security Vulnerabilities

The 10 Most Critical Web Application Security Vulnerabilities
Metro (down the Tube) Security Testing Windows Store Apps Marion McCune – ScotSTS Ltd.

Metro (down the Tube) Security Testing Windows Store Apps Marion McCune – ScotSTS Ltd.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

Similar presentations

Ads by Google