Mobile hacking. Marit Iren Rognli Tokle
|
|
- Evan Hancock
- 5 years ago
- Views:
Transcription
1 Mobile hacking Marit Iren Rognli Tokle
2 «Hacker boss Marit» Software Engineer at Sopra Steria Leading TG:Hack, Norways largest hacking competition Leading UiO-CTF with Laszlo Shared 1st place in the qualification round of Norwegian Cyber Security Championship 2018
3 Agenda Mobile security primer Attack surface OWASP Top 10 Mobile Tools
4 1.Mobile security primer
5 But mobile is safe right? 7 billion devices, 10 billion by million mobile devices stolen yearly 25% of mobile devices run into a threat monthly - - -
6 75% increase in malware yearly 75% apps fail basic security tests 56% IT admins admit unlikely to detect mobile threats malicious apps installed on employee devices - - -
7 Mobile security challenges Mobile and web Wide audience Rapid development Focus on security among developers Continuous network connectivity Traditional fat client applications Buffer management Local encryption Malware Unique to mobile Applications coming from unknown developers who should be considered untrusted
8 2.Attack Surface
9
10
11 3. OWASP Top 10 Mobile
12
13
14 Let s get started 1 2-3
15 With.. Android hacking
16 Three steps to get Java source code 1. Download from Google Play Store 2. Decompile APK 3. Extract source code
17 Downloading APK files from Google Play Store General In CTFs, they will usually provide you with the APK file Sometimes as a pentester, you will need to get the APK yourselves Protip: Use CMD (not Powershell) when using Windows Fetching Using gp-download Set environment variables: GOOGLE_LOGIN=<replace-with-real-value> GOOGLE_PASSWORD=<replace-with-real-value> ANDROID_ID=<replace-with-real-value>. You may find the id (GSF) using the Device ID app. Enable Allow less secure app`. $ gp-download package-name > package-name.apk
18
19
20
21 Decompile with apktool General An APK is a zipped folder containing.. Dalvik? What the...dex files Binary files Decompiling Using apktool $ apktool d appname.apk
22
23
24 Extract Java source code from APK General SMALI?! ~ Mobile app assembly code Extract Java source code Using jadx-gui $ jadx-gui appname.apk
25
26 Rebuild APK with apktool 1. Make changes to Smali code 2. Rebuild the app 3. Sign the app Using apktool $ apktool b /appfolder/ $ keytool $ jarsigner
27 Rebuild APK with apktool
28 Let s do some hacking
29 But first.. Android Debug Bridge adb is a very nice command line tool that lets you communicate with an emulator instance or with a connected Android device. adb commands adb shell adb logcat adb install <appname.apk> adb push <srcaddr> <destaddr> adb pull <srcaddr> <destaddr>
30 1. Insecure data storage General Critical data includes account credentials, PII, address, geolocation, IMEI, serial number, wifi info ++. Stored in SQLite DB Log files Plist files XML data stores or manifest files Binary data stores Cookies stores SD cards > Hacking Shared preferences SQLite database SD Card Any application can read contents of SD Card No file permissions on SD Card
31 > Shared preferences key-value pairs E.g. storage of user settings and application data Remember to run the app once!
32 Shared preferences
33 > SQLite database Often used in apps Open-source no need of server
34 > SQLite database Using SQLite from the command line Run $ sqlite3 \<dbname.db>.. and: To dump the schema:.schema List databases:.databases List tables:.tables Dump a table:.dump <tablename>
35 2. Insecure communication General Critical data includes account credentials, PII, address, geolocation, IMEI, serial number, wifi info and more. Security bugs include SSL/TLS certificate issues Poor handshake HTTP transfer of data in clear text Common developer mistakes Accepting self-signed certificates. Setting a permissive hostname verifier > Hacking MITM: capture, view, and modify traffic sent and received between app and server. Forging requests without MITM.
36 Man In The Middle - Burpsuite
37 Man In The Middle - Emulator
38 3. Extraneous functionality General Backdoors or security controls helpful during development Information examples back-end test, demo, staging or UAT environments administrative endpoints two-factor authentication bypass for dev/testing > Hacking Set debug flag Reading logs Find endpoints for devs/admin Other loopholes $ adb logcat [-b buffername] A very concerning 92% of Android apps tested have extraneous functionality issues while only a very small 2% of ios apps show these issues.
39 3. Extraneous functionality
40 3. Extraneous functionality Best practice DON T PUSH IT TO PRODUCTION!! Remove method calls to log class for release builds Disable ANDROID:DEBUGGABLE flag in production builds. On ios disable NSLog statements.
41 4.Tools
42 Tools list for workshop tomorrow! Mobile tools Android Studio (with emulator!) APKtool jadx-gui adb Frida keytool Vulnerable app InsecureBankv2 droid-insecurebankv2 MITM: Burpsuite Find more on my github:
43 Sources NowSecure online book about secure coding of mobile apps NowSecure short article intro on online book, containing links to best practices to prevent common security vulnerabilities. Blogpost Microsoft - Top 5 Mobile App Security Failures and How To Prevent Them Pluralsight, Ethical hacking: Hacking Mobile Platforms
44
OWASP German Chapter Stammtisch Initiative/Ruhrpott. Android App Pentest Workshop 101
OWASP German Chapter Stammtisch Initiative/Ruhrpott Android App Pentest Workshop 101 About What we will try to cover in the first session: Setup of a Mobile Application Pentest Environment Basics of Mobile
More informationTales of Practical Android Penetration Testing (Mobile Pentest Toolkit) Alexander Subbotin OWASP Bucharest AppSec 2018
Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit) Alexander Subbotin OWASP Bucharest AppSec 2018 About Me About Me IT Security Consultant (https://subbotin.de) Penetration Tester/Ethical
More informationAbusing Android In-app Billing feature thanks to a misunderstood integration. Insomni hack 18 22/03/2018 Jérémy MATOS
Abusing Android In-app Billing feature thanks to a misunderstood integration Insomni hack 18 22/03/2018 Jérémy MATOS whois securingapps Developer background Worked last 12 years in Switzerland on security
More informationThursday, October 25, 12. How we tear into that little green man
How we tear into that little green man Who are you?! Mathew Rowley (@wuntee) Senior security consultant at Matasano Agenda Techniques MITM - SSL Static analysis -> Skype secret menu Modifying an app ->
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationRISKS HIDING IN PLAIN SIGHT: MOBILE APP CYBER THREAT & VULNERABILITY BENCHMARKS. BRIAN LAWRENCE SENIOR SECURITY ENGINEER
RISKS HIDING IN PLAIN SIGHT: MOBILE APP CYBER THREAT & VULNERABILITY BENCHMARKS BRIAN LAWRENCE SENIOR SECURITY ENGINEER blawrence@nowsecure.com Copyright 2018 NowSecure, Inc. All Rights Reserved. Proprietary
More informationMobile Hacking & Security. Ir. Arthur Donkers & Ralph Moonen, ITSX
Mobile Hacking & Security Ir. Arthur Donkers & Ralph Moonen, ITSX Introduction Who we are: Ir. Arthur Donkers Ralph Moonen ITSX 2 Agenda Mobile Threats BYOD iphone and Android hacking 3 Threats Various:
More informationManage Mobile Security Incidents Like A Boss
Manage Mobile Security Incidents Like A Boss Ismail Guneydas Security Manager/Faculty Kimberly Clark/Texas A&M 10/02/2015 Legal Notice From My Lawyer The opinions expressed in this presentation represent
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationBreaking and Securing Mobile Apps
Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead
More informationAndroid security enforcements
Android security enforcements Hello DroidCon! Javier Cuesta Gómez Android Engineer manager @Grab Android 2017 security 450 reports $1.1 payout The most difficult OWASP security risks: Unintended data leakage
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationISACA Mobile Computing
ISACA Mobile Computing Welcome welcome to my presentation ISACA Leeds 18th November 2015 Please save all questions until the end of the presentation Let`s start! Introduction to Mobile Why mobile OWASP
More informationAndroid Analysis Tools. Yuan Tian
Android Analysis Tools Yuan Tian Malware are more creative: XcodeGhost More than 300 a pps are infected, including wechat and netease Collect device ID, Apple ID and p assword 10/3/15 CMU Mobile Security
More informationAHNLAB 조주봉 (silverbug)
AHNLAB 조주봉 (silverbug) Android Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Application framework Dalvik virtual machine Integrated
More informationTECHNICAL WHITE PAPER Penetration Test. Penetration Test. We help you build security into your software at every stage. 1 Page
Penetration Test We help you build security into your software at every stage 1 Page Table of Contents 1 Overview... 3 2 Penetration Test Services Overview... 4 2.1 Values of penetration testing... 4 2.2
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationME?
ME? VULNEX: Blog: Twitter: www.vulnex.com www.simonroses.com @simonroses TALK OBJECTIVES Apps are the new Web Peek into current state of Apps security on Markets Bugs will be revealed but not the victims
More informationMobile and Wireless Systems Programming
to Android Android is a software stack for mobile devices that includes : an operating system middleware key applications Open source project based on Linux kernel 2.6 Open Handset Alliance (Google, HTC,
More informationThe Android security jungle: pitfalls, threats and survival tips. Scott
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Google s protection Threats Risks Survival Network Data protection (encryption) App/device
More informationdroidcon Greece Thessaloniki September 2015
droidcon Greece Thessaloniki 10-12 September 2015 Reverse Engineering in Android Countermeasures and Tools $ whoami > Dario Incalza (@h4oxer) > Application Security Engineering Analyst > Android Developer
More informationMan-In-The-Browser Attacks. Daniel Tomescu
Man-In-The-Browser Attacks Daniel Tomescu 1 About me Work and education: Pentester @ KPMG Romania Moderator @ Romanian Security Team MSc. Eng. @ University Politehnica of Bucharest OSCP, CREST CRT Interests:
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationWhen providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS
When providing a native mobile app ruins the security of your existing web solution CyberSec Conference 2015 05/11/2015 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationhidden vulnerabilities
hidden vulnerabilities industrial networks in 30 minutes Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester
More information1 About Web Security. What is application security? So what can happen? see [?]
1 About Web Security What is application security? see [?] So what can happen? 1 taken from [?] first half of 2013 Let s focus on application security risks Risk = vulnerability + impact New App: http://www-03.ibm.com/security/xforce/xfisi
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationMBFuzzer - MITM Fuzzing for Mobile Applications
MBFuzzer - MITM Fuzzing for Mobile Applications Fatih Özavcı Mentor of MBFuzer @ yakindanegitim.org fatih.ozavci at gamasec.net gamasec.net/fozavci Scope Yakindan Egitim Project Security Vulnerabilities
More informationThe digital copy of this thesis is protected by the Copyright Act 1994 (New Zealand).
http://researchcommons.waikato.ac.nz/ Research Commons at the University of Waikato Copyright Statement: The digital copy of this thesis is protected by the Copyright Act 1994 (New Zealand). The thesis
More informationEthical Hacking. Content Outline: Session 1
Ethical Hacking Content Outline: Session 1 Ethics & Hacking Hacking history : How it all begin - Why is security needed? - What is ethical hacking? - Ethical Hacker Vs Malicious hacker - Types of Hackers
More informationLab 4 In class Hands-on Android Debugging Tutorial
Lab 4 In class Hands-on Android Debugging Tutorial Submit lab 4 as PDF with your feedback and list each major step in this tutorial with screen shots documenting your work, i.e., document each listed step.
More informationBUILDING A TEST ENVIRONMENT FOR ANDROID ANTI-MALWARE TESTS Hendrik Pilz AV-TEST GmbH, Klewitzstr. 7, Magdeburg, Germany
BUILDING A TEST ENVIRONMENT FOR ANDROID ANTI-MALWARE TESTS Hendrik Pilz AV-TEST GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany Email hpilz@av-test.de ABSTRACT The growth of the Smartphone market over the
More informationCourse 834 EC-Council Certified Secure Programmer Java (ECSP)
Course 834 EC-Council Certified Secure Programmer Java (ECSP) Duration: 3 days You Will Learn How To Apply Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class
More informationCh 7: Mobile Device Management. CNIT 128: Hacking Mobile Devices. Updated
Ch 7: Mobile Device Management CNIT 128: Hacking Mobile Devices Updated 4-4-17 What is MDM? Frameworks that control, monitor, and manage mobile devices Deployed across enterprises or service providers
More informationOpen Lecture Mobile Programming. Command Line Tools
Open Lecture Mobile Programming Command Line Tools Agenda Setting up tools Android Debug Bridge (ADB) Gradle Setting up tools Find path of Android SDK Default paths: Windows - C:\Users\\AppData\Local\Android\sdk
More informationHacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center
Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity
More informationITG Software Engineering
Android Security Course ID: Page 1 Last Updated 12/15/2014 Android Security ITG Software Engineering Course Overview: This 5 day course covers the Android architecture, the stack, and primary building
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationMobile devices boon or curse
Mobile devices boon or curse Oliver Ng - Director of Training Kishor Sonawane - India Lead Security Compass Consulting & Training Consumerization According to Apple s chief operating officer, 65 percent
More informationHacking a Moving Target
Hacking a Moving Target Mobile ApplicaLon PenetraLon Chris Cuevas Senior Security Consultant ccuevas@secureideas.net Office - 904-639- 6709 2012 Secure Ideas LLC hdp://www.secureideas.net Chris Cuevas
More informationIntrospy Security Profiling for Blackbox ios and Android. Marc Blanchou Alban Diquet
Introspy Security Profiling for Blackbox ios and Android Marc Blanchou Alban Diquet Introduction What is it about? Tool release: Introspy Security profiler for ios and Android applications Useful to developers,
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationHardcore PI System Hardening
Hardcore PI System Hardening Jozef Sujan, Lubos Mlcoch 1 Agenda 1. No-nonsense approach to Cyber Security 2. The Power of... PowerShell 3. Deadly Sins of PI Administrators Note: All examples in this presentation
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationHow to secure your mobile application with RASP
How to secure your mobile application with RASP Webinar - 13 December 2016 Agenda 1. Mobile Application Security Risk categories Protection layers including RASP Dirk Denayer Enterprise & Application Security
More informationMcAfee MVISION Mobile Threat Detection Android App Product Guide
McAfee MVISION Mobile Threat Detection Android App 1809.4.7.0 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationThe missing link in the chain? Android network analysis. Rowland Yu Senior Threat Researcher II
The missing link in the chain? Android network analysis Rowland Yu Senior Threat Researcher II Facts Facts Monthly Sample Doubled from 2015 to 2018 600000 Monthly Android Malware Statistics: from September
More informationBackdooring the Front Door
Backdooring the Front Door About me Software Engineer by trade Hacker by passion Lock picker for fun The best puzzles are not meant to be solved All opinions are my own, and may not reflect those of my
More informationHACKING AND SECURING IOS APPLICATIONS
HACKING AND SECURING IOS APPLICATIONS -Satish B Agenda ios Security Concepts Loopholes in ios Hacking & Securing ios Applications How does loophole in ios affects the apps How easy it s to steal data from
More informationNew World, New IT, New Security
SESSION ID: GPS1-R08 New World, New IT, New Security Jackie Chen Chief Product & Marketing Officer Sangfor Technologies (HQ) #RSAC New World, New IT, New Security Internet of Things BYOD Cloud Estimated
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationAndroid System Development Training 4-day session
Android System Development Training 4-day session Title Android System Development Training Overview Understanding the Android Internals Understanding the Android Build System Customizing Android for a
More informationMOBILE THREAT LANDSCAPE. February 2018
MOBILE THREAT LANDSCAPE February 2018 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More informationESET ENDPOINT SECURITY FOR ANDROID
ESET ENDPOINT SECURITY FOR ANDROID Installation Manual and User Guide Click here to download the most recent version of this document Contents 1. Installation...3 of ESET Endpoint Security 1.1 Installation...3
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationWeb Applications Penetration Testing
Web Applications Penetration Testing Team Members: Rahul Motwani (2016ME10675) Akshat Khare (2016CS10315) ftarth Chopra (2016TT10829) Supervisor: Prof. Ranjan Bose Before proceeding further, we would like
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationWebSphere Puts Business In Motion. Put People In Motion With Mobile Apps
WebSphere Puts Business In Motion Put People In Motion With Mobile Apps Use Mobile Apps To Create New Revenue Opportunities A clothing store increases sales through personalized offers Customers can scan
More informationN different strategies to automate OWASP ZAP
OWASP BUCHAREST APPSEC CONFERENCE 13 OCTOBER 2017 The OWASP Foundation http://www.owasp.org N different strategies to automate OWASP ZAP The OWASP Zed Attack Proxy Marudhamaran Gunasekaran Zap Contributor
More informationOnline Intensive Ethical Hacking Training
Online Intensive Ethical Hacking Training Feel the heat of Security and Learn something out of the box 0 About the Course This is a 7 Days Intensive Training Program on Ethical Hacking & Cyber Security.
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationAre You Avoiding These Top 10 File Transfer Risks?
Are You Avoiding These Top 10 File Transfer Risks? 1. 2. 3. 4. Today s Agenda Introduction 10 Common File Transfer Risks Brief GoAnywhere MFT Overview Question & Answer HelpSystems Corporate Overview.
More informationATC Android Application Development
ATC Android Application Development 1. Android Framework and Android Studio b. Android Platform Architecture i. Linux Kernel ii. Hardware Abstraction Layer(HAL) iii. Android runtime iv. Native C/C++ Libraries
More informationSD Card with Eclipse/Emulator
SD Card with Eclipse/Emulator Creating the SD Card "image" file (a file representation of a physical SD Card) Assume Cygwin bash shell: $ cd c: $ mkdir sdcards $ cd sdcards $ Android\android-sdk\tools\mksdcard
More informationBachelor Thesis Project. Evaluating Dynamic Analysis Methods for Android Applications
Bachelor Thesis Project Evaluating Dynamic Analysis Methods for Android Applications Author: Alexander Spottka Supervisor: Ola Flygt External Supervisor: Philip Åkesson Semester: VT 2017 Subject: Computer
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More informationThe PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
More informationDeliver Strong Mobile App Security and the Ultimate User Experience
Deliver Strong Mobile App Security and the Ultimate User Experience The Presenters Will LaSala, Director of Services @ VASCO Will has been with VASCO since 2001 and over the years has been involved in
More informationPractice Labs Ethical Hacker
Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationEthical Hacker Foundation and Security Analysts Course Semester 2
Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space. Brochure
More informationChapter 2 Setting Up for Development
Introduction to Android Application Development, Android Essentials, Fifth Edition Chapter 2 Setting Up for Development Chapter 2 Overview Learn how to set up our Android development environment Look at
More informationSecurity Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE
Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real
More informationDeveloping Solutions for Google Cloud Platform (CPD200) Course Agenda
Developing Solutions for Google Cloud Platform (CPD200) Course Agenda Module 1: Developing Solutions for Google Cloud Platform Identify the advantages of Google Cloud Platform for solution development
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationThe Savage Curtain: Mobile SSL Failures
The Savage Curtain: Mobile SSL Failures Who are these guys? Tony Trummer - Staff Security Engineer aka SecBro Tushar Dalvi - Sr. Security Engineer & Pool Hustler A Private Little War Our Click to edit
More informationCan HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit
Can HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit 1 2 o hai. 3 Why Think About HTTP Strict Transport Security? Roadmap what is HSTS?
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationFejlessz biztonságos alkalmazást
Fejlessz biztonságos alkalmazást programozási minták fejlesztőknek Attila Polacsek Senior Android Developer Supercharge Csaba Kozák Android Tech Lead Supercharge Security techniques API protection API
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationCopyright
1 SECURITY TEST Data flow -- Can you establish an audit trail for data, what goes where, is data in transit protected, and who has access to it? Data storage -- Where is data stored, and is it encrypted?
More informationMcAfee Network Security Platform
Revision B McAfee Network Security Platform (8.1.7.5-8.1.3.43 M-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationCopyright ECSC Group plc 2017 ECSC - UNRESTRICTED
Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED ECSC - UNRESTRICTED Introduction A Web Application Firewall (WAF) is, in our experience, the most important layer of defence against a wide range of attacks
More informationMOBILE THREAT PREVENTION
MOBILE THREAT PREVENTION BEHAVIORAL RISK ANALYSIS AN ADVANCED APPROACH TO COMPREHENSIVE MOBILE SECURITY Accurate threat detection and efficient response are critical components of preventing advanced attacks
More informationAndroid InsecureBankv2 Usage Guide. InsecureBankv2
Android InsecureBankv2 Usage Guide Author Name Email ID GitHub Link Twitter Dinesh Shetty dinezh.shetty@gmail.com https://github.com/dineshshetty/android- InsecureBankv2 https://twitter.com/din3zh Usage
More informationLecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing
Lecture Overview IN5290 Ethical Hacking Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Summary - how web sites work HTTP protocol Client side server side actions Accessing
More informationTroubleshooting and Cyber Protection Josh Wheeler
May 4, 2016 Troubleshooting and Cyber Protection Josh Wheeler Network Security Network Security Risks Video Network Security Risks Article Network Security Risks Data stealing or disruption of network
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationWhat Ails Our Healthcare Systems?
SESSION ID: FLE-F04 What Ails Our Healthcare Systems? Minatee Mishra Sr. Group Leader Product Security, Philips HealthTech @minatee_mishra Jiggyasu Sharma Technical Specialist Product Security, Philips
More informationAn Extensive Evaluation of the Internet s Open Proxies
An Extensive Evaluation of the Internet s Open Proxies Akshaya Mani Georgetown University Tavish Vaidya Georgetown University David Dworken Northeastern University Micah Sherr Georgetown University *Co-first
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationSecurity. SWE 432, Fall 2017 Design and Implementation of Software for the Web
Security SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Authorization oauth 2 Security Why is it important? Users data is
More informationChapter 2. Operating-System Structures
Chapter 2 Operating-System Structures 2.1 Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System
More information