Mobile Application Security
Subho Halder
CoFounder & CTO
Tweet while I’m talking:
@appknox
@sunnyrockzzs
#MobileSecurity
Mobile Application Security 2
Introduction
 The Great Mobility Security Debate
01 Fragmented Applications
Multiple applications for multiple platforms and multiple architectures make it difficult for app developers to keep up with security concerns.
02 Fragmented Platforms
With multiple platforms and multiple versions of mobile operating systems, app developers face challenges in keeping up with breaking changes and keeping security up to date.
03 Personal & Social Information
Mobile devices hold your personal and social information, and applications have access to this information.
04 Businesses & Enterprise Data
With mobile getting adopted at workplaces, sensitive information is now accessible to applications.
Why Mobile Security Is Important?
While these devices offer us increased internet connectivity and day-to-day convenience, they also carry considerable security risks. More data on mobile devices could mean more danger.
Data Breaches
With more data accessible to applications, security becomes
more paramount.
Mobile Malwares
Gone are the days of computer-only malware; mobile malware is now growing more sophisticated, with access to more data.
Businesses worry about smartphone risks
While the threat is universal, being protected doesn’t have to be
difficult. If anything, it is becoming increasingly important.
Cyberattacks on mobiles increasing
Cyberattacks on mobile devices, especially smartphones, have
become all too common. And over the last year alone, we’ve
seen cybercriminals deploy all sorts of effective strategies.
Privacy Leakages
Privacy has also been called into question, as so many of these
mobile apps collect huge quantities of data and store them.
 The goal of this is to raise awareness about application security by
identifying some of the most critical risks facing organizations.
Securing Your Apps
Different Steps towards Mobile Application Security Testing
Static Analysis (average coverage: 30%): code configuration issues, source code analysis, insecure setting analysis.
Dynamic Analysis (average coverage: 40%): runtime memory analysis, file-system layer analysis, data flow analysis.
Network Analysis (average coverage: 15%): HTTP/HTTPS network analysis, data flow analysis, socket analysis.
Manual Assessment (average coverage: 15%): business logic analysis, criticality analysis, brute force attack analysis.
2013 OWASP Mobile top 10
Top 10 OWASP Mobile Security List
05 Poor Authorization and Authentication
Poor or missing authentication schemes allow an adversary to anonymously execute functionality within the mobile app or backend server used by the mobile app.
04 Unintended Data Leakage
Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.
03 Insufficient Transport Layer Protection
If the application is coded poorly, threat agents can use techniques to view this sensitive data. Unfortunately, mobile applications frequently do not protect network traffic.
02 Insecure Data Storage
Many developers assume that storing data on the client side will restrict other users from having access to this data.
01 Weak Server Side Controls
Most security experts might argue that server-side security falls outside of the area of mobile application security threats. Till last year, it was the second most important mobile security threat.
[Chart on the slide: prevalence percentages per category; values shown are 80%, 43%, 64%, 72% and 19%]
Source: https://blog.appknox.com/category/owasp-top-10-mobile/
06 Broken Cryptography
Broken cryptography or insecure usage of cryptography is most common in mobile apps that leverage encryption.
07 Client Side Injection
Client side injection results in the execution of malicious code on the client side, which is the mobile device, via the mobile app.
08 Security Decisions Via Untrusted Inputs
Developers generally use hidden fields and values or any hidden functionality to distinguish higher level users from lower level users.
09 Improper Session Handling
As the name suggests, this issue arises because session tokens are not handled in the best way.
10 Lack of Binary Protections
A lack of binary protections within a mobile app exposes the application and its owner to a large variety of technical and business risks if the underlying application is insecure or exposes sensitive intellectual property.
2016 OWASP Mobile top 10
Mobile Security Landscape
M1 Improper Platform Usage
M2 Insecure Data Storage
M3 Insecure Communication
M4 Insecure Authentication
M5 Insufficient Cryptography
M6 Insecure Authorization
M7 Client Code Quality
M8 Code Tampering
M9 Reverse Engineering
M10 Extraneous Functionality
Top 5 Issues from 2016 OWASP Top 10
Improper Platform Usage
 Misuse of OS Platform Components
This category covers misuse of a platform
feature or failure to use platform security
controls. It might include Android intents,
platform permissions, misuse of TouchID, the
Keychain, or some other security control that is
part of the mobile operating system. There are
several ways that mobile apps can experience
this risk.
Source: Appmon Demo https://www.youtube.com/watch?v=ECnkgz3jnPM
Insecure Data Storage
Insecure ways of storing private data
This new category is a combination of M2 + M4 from Mobile Top Ten 2014. This covers insecure data storage and unintended data leakage.
Source: ITSELECT LAB on DVIA App https://www.youtube.com/watch?v=GAFxWnU1b4w
Insecure Communication
 Communicating over insecure SSL or without HTTPS
This covers poor handshaking, incorrect SSL
versions, weak negotiation, cleartext
communication of sensitive assets, etc.
Insufficient Cryptography
The code applies cryptography to a sensitive
information asset. However, the cryptography is
insufficient in some way. Note that anything
and everything related to TLS or SSL goes in M3.
Also, if the app fails to use cryptography at all
when it should, that probably belongs in M2.
This category is for issues where cryptography
was attempted, but it wasn't done correctly
Source: Fireeye Research https://www.fireeye.com/blog/threat-research/2015/01/cryptographic_vulner.html
Extraneous Functionality
Often, developers include hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment. For example, a developer may accidentally include a password as a comment in a hybrid app. Another example is disabling two-factor authentication during testing.
Source: OWASP Day https://www.slideshare.net/pprathan/owasp-day-owasp-day-lets-secure
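As an added example (not code from the deck or from Appknox), the following Python script applies the static-analysis step described earlier to the two leftovers this slide names: it scans a constructed fragment of a hybrid app's bundled JavaScript for credentials left in source comments and for test-time switches that bypass two-factor authentication. The sample source, the regular expressions and the function names are assumptions made for illustration.

```python
"""Heuristic static check for leftover test functionality in a hybrid app's web assets.

Added example (not from the deck): flags credentials left in source comments and
test-time switches such as SKIP_2FA / DEBUG_MODE that must not reach production.
"""
import re

# Constructed sample: a fragment of a hybrid app's bundled JavaScript (hypothetical).
SAMPLE_JS = """\
// staging creds: user=admin password=Hunter2!  (remove before release)
var API_BASE = "https://api.example.test";
/* TODO: re-enable before shipping */
var SKIP_2FA = true;
var DEBUG_MODE = true;
function login(u, p) {
  // normal login flow
  if (SKIP_2FA) { return issueSession(u); }
  return requestOtp(u, p);
}
"""

# A credential-looking key followed by an assigned value, e.g. "password=Hunter2!".
CRED_RE = re.compile(
    r"\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*\S+", re.I
)
# A test/debug switch hard-coded to true, e.g. "var SKIP_2FA = true" or "DEBUG_MODE = true".
TOGGLE_RE = re.compile(
    r"\b(?:var|let|const)?\s*"
    r"((?:skip|disable|bypass|no)_?(?:2fa|two_?factor|mfa|otp)|debug(?:_mode)?)"
    r"\s*=\s*true\b",
    re.I,
)
# "//" not preceded by ":" so that "https://" inside a string literal is not taken as a comment.
LINE_COMMENT_RE = re.compile(r"(?<!:)//")


def split_comment(line: str, in_block: bool) -> tuple[str, str, bool]:
    """Return (code, comment, still_in_block) for one line; handles // and /* */ comments."""
    code, comment = line, ""
    if in_block:
        end = code.find("*/")
        if end == -1:
            return "", code, True
        comment, code, in_block = code[:end], code[end + 2:], False
    start = code.find("/*")
    if start != -1:
        end = code.find("*/", start + 2)
        if end == -1:
            comment += code[start + 2:]
            return code[:start], comment, True
        comment += code[start + 2:end]
        code = code[:start] + code[end + 2:]
    m = LINE_COMMENT_RE.search(code)
    if m:
        comment += code[m.start() + 2:]
        code = code[: m.start()]
    return code, comment, in_block


def scan(source: str) -> list[dict]:
    """Scan JavaScript source and return a list of findings with line numbers."""
    findings = []
    in_block = False
    for n, line in enumerate(source.splitlines(), 1):
        code, comment, in_block = split_comment(line, in_block)
        # Credentials are only flagged inside comments: that is the leftover the slide describes.
        if comment and CRED_RE.search(comment):
            findings.append({"line": n, "kind": "credential-in-comment", "text": line.strip()})
        # Toggles are checked in code only, so a mention inside a comment is not a finding.
        m = TOGGLE_RE.search(code)
        if m:
            findings.append({"line": n, "kind": "test-toggle", "name": m.group(1), "text": line.strip()})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_JS):
        print(f"line {f['line']}: {f['kind']}: {f['text']}")
```

Such a check belongs in the release pipeline rather than in a one-off review, since the leftovers it finds are precisely the ones that slip in between testing and production.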
Android vs iOS
 With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace,
the security of these devices is a growing concern and focus for smartphone users.
[Chart: two bar charts scored 0 to 100 comparing iOS and Android on Vulnerable Apps, Malwares, Device Vulnerabilities and Fragmentation]
The iOS Device
Despite iOS being traditionally regarded as the safest platform, there are a number of reasons why that assumption may be becoming outdated. Firstly, occurrences of ransomware, malware, rotten apps on the iTunes store, and social engineering have been coming into the news far more often in recent times.
The Android Device
Google's Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android's popularity: with more than 1 million activations per day, Android smartphones command a 59% market share worldwide.
Mobile App Security Testing Techniques and Tools - Subho Halder 19
4 Myths About Mobile Security
 “Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.” – Gartner
1. Public app stores are safe because they have security filters
2. Data encryption is not required for mobile devices
3. PCs are more secure than mobile phones
4. Two-factor authentication can be neglected for mobile security
Cyber Resilience - “Survival of the smartest”
 Ashutosh Jain | CISO - AXIS Bank
Can’t detect breaches
Can detect breaches but don’t remediate fast
Swift detection & remedial action there-of
Predict cyber threats and hence create future
Thank You
@sunnyrockzzs
@appknox
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Ad

Unicom Conference - Mobile Application Security

  • 5. Securing Your Apps. The goal of this section is to raise awareness of application security by identifying some of the most critical risks facing organizations.
  • 6. Security: different steps towards mobile application security testing, with the average coverage each step contributes:
    - Static Analysis (30%): code configuration issues, source code analysis, insecure settings analysis.
    - Dynamic Analysis (40%): runtime memory analysis, file-system layer analysis, data-flow analysis.
    - Network Analysis (15%): HTTP/HTTPS traffic analysis, data-flow analysis, socket analysis.
    - Manual Assessment (15%): business-logic analysis, criticality analysis, brute-force attack analysis.
  • 7. 2013 OWASP Mobile Top 10. The goal of the list is to raise awareness of application security by identifying some of the most critical risks facing organizations.
  • 8. Top 10 OWASP Mobile Security List (2013/2014 edition), M1 to M5:
    - M1 Weak Server Side Controls: most security experts would argue that server-side security falls outside the area of mobile application security threats; until last year it was nevertheless listed as the second most important mobile security threat.
    - M2 Insecure Data Storage: many developers assume that storing data on the client side will restrict other users, and other apps, from having access to it.
    - M3 Insufficient Transport Layer Protection: mobile applications frequently do not protect their network traffic; if the application is coded poorly, threat agents can use well-known techniques to view the sensitive data in transit.
    - M4 Unintended Data Leakage: occurs when a developer inadvertently places sensitive information in a location on the mobile device that is easily accessible by other apps on the device.
    - M5 Poor Authorization and Authentication: poor or missing authentication schemes allow an adversary to anonymously execute functionality within the mobile app or in the backend server used by the mobile app.
    The slide also shows prevalence figures of 80%, 43%, 64%, 72% and 19% for these items. Source: https://blog.appknox.com/category/owasp-top-10-mobile/
  • 9. Top 10 OWASP Mobile Security List (2013/2014 edition), M6 to M10:
    - M6 Broken Cryptography: broken or insecurely used cryptography is most common in mobile apps that leverage encryption.
    - M7 Client Side Injection: results in the execution of malicious code on the client side, that is on the mobile device, via the mobile app.
    - M8 Security Decisions Via Untrusted Inputs: developers generally use hidden fields, hidden values or hidden functionality to distinguish higher-privilege users from lower-privilege ones, and these inputs can be manipulated on the client.
    - M9 Improper Session Handling: as the name suggests, this issue arises because session tokens are not handled properly.
    - M10 Lack of Binary Protections: a lack of binary protections within a mobile app exposes the application and its owner to a large variety of technical and business risks if the underlying application is insecure or exposes sensitive intellectual property.
  • 10. 2016 OWASP Mobile Top 10. The goal of the list is to raise awareness of application security by identifying some of the most critical risks facing organizations.
  • 11. 2016 OWASP Mobile Top 10: the mobile security landscape.
    - M1 Improper Platform Usage
    - M2 Insecure Data Storage
    - M3 Insecure Communication
    - M4 Insecure Authentication
    - M5 Insufficient Cryptography
    - M6 Insecure Authorization
    - M7 Client Code Quality
    - M8 Code Tampering
    - M9 Reverse Engineering
    - M10 Extraneous Functionality
  • 12. Top 5 Issues from the 2016 OWASP Top 10. The goal is to raise awareness of application security by identifying some of the most critical risks facing organizations.
  • 13. Improper Platform Usage (M1): misuse of OS platform components. This category covers misuse of a platform feature or failure to use the platform's security controls. It might include Android intents, platform permissions, misuse of Touch ID or the Keychain, or some other security control that is part of the mobile operating system. There are several ways in which mobile apps can experience this risk. Source: AppMon demo, https://www.youtube.com/watch?v=ECnkgz3jnPM
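As an added example for this slide (not code from the Appknox deck or the AppMon demo), the following Python script performs the static check a tester runs first for this category on an Android build: it parses an AndroidManifest.xml and reports components that other apps can reach without holding a permission, plus an application left debuggable or backup-able. The manifest, the package name com.example.wallet and every component name in it are constructed for illustration.

```python
"""Static check of an AndroidManifest.xml for platform-control misuse (OWASP Mobile 2016 M1).

Added example, not code from the Appknox deck. The manifest below, the package
name and the component names are all constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest with several weak settings mixed with correct ones.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallet">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:exported="true"/>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.wallet.SYNC"/></intent-filter>
    </receiver>
    <provider android:name=".AccountProvider"
              android:authorities="com.example.wallet.accounts"
              android:exported="true"
              android:permission="com.example.wallet.READ_ACCOUNTS"/>
    <service android:name=".PushService" android:exported="false"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(component):
    """Mirror the platform rule: an explicit android:exported wins; otherwise a
    component is exported exactly when it declares at least one intent-filter."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def is_launcher(component):
    """The launcher activity must be exported; do not report it."""
    for flt in component.findall("intent-filter"):
        for cat in flt.findall("category"):
            if _attr(cat, "name") == "android.intent.category.LAUNCHER":
                return True
    return False


def audit_manifest(xml_text):
    """Return a sorted list of (severity, finding) tuples for one manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    if (_attr(app, "debuggable") or "false").lower() == "true":
        findings.append(("high", "application is debuggable: a debugger can attach "
                                 "and read process memory on a release build"))
    if (_attr(app, "allowBackup") or "true").lower() == "true":   # platform default is true
        findings.append(("medium", "allowBackup not disabled: app data can be pulled "
                                   "with adb backup on older API levels"))
    for kind in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(kind):
            name = _attr(comp, "name")
            if not is_exported(comp) or is_launcher(comp):
                continue
            if _attr(comp, "permission") is None:
                findings.append(("high", f"{kind} {name} is exported without a permission: "
                                         f"any app on the device can invoke it"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, text in audit_manifest(SAMPLE_MANIFEST):
        print(f"[{severity}] {text}")
```

On the constructed manifest the script reports the debuggable flag, the backup setting, the exported TransferActivity and the SyncReceiver (exported implicitly through its intent-filter), while the launcher activity, the permission-protected provider and the non-exported service are left alone. Run it against the manifest extracted with apktool from a real APK to get the same list for that build.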
  • 14. Insecure Data Storage (M2): private data stored in an insecure way. This new category is a combination of M2 (Insecure Data Storage) and M4 (Unintended Data Leakage) from the Mobile Top Ten 2014. Source: ITSELECT LAB on the DVIA app, https://www.youtube.com/watch?v=GAFxWnU1b4w
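The following Python audit is an added example for this slide, not code from the deck or the DVIA lab video. It builds a throw-away directory that mimics an Android app sandbox (/data/data/<package>/) and then checks the two things a tester looks at first once they have shell access: files whose mode is wider than owner-only (the Android equivalent of MODE_WORLD_READABLE, since every app runs under its own UID), and secrets sitting in plaintext SharedPreferences XML. The layout, file names, package name and values are all constructed.

```python
"""Audit an app's private data directory for insecure storage (OWASP Mobile 2016 M2).

Added example, not code from the deck. The sandbox layout and its contents are
constructed; the package name com.example.wallet is a placeholder.
"""
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Preference keys whose value should never be stored in plaintext.
SECRET_KEY_RE = re.compile(r"(pass(word)?|pwd|token|secret|api[_-]?key|session)", re.I)


def _write(path, data, mode):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)
    os.chmod(path, mode)


def build_sample_sandbox(root):
    """Create a constructed /data/data/com.example.wallet tree under root."""
    base = os.path.join(root, "data", "data", "com.example.wallet")
    _write(os.path.join(base, "shared_prefs", "session.xml"),
           '<?xml version="1.0" encoding="utf-8"?>\n<map>\n'
           '  <string name="username">alice</string>\n'
           '  <string name="auth_token">eyJhbGciOi.constructed.token</string>\n'
           '  <string name="password">hunter2</string>\n'
           '  <boolean name="remember_me" value="true" />\n'
           '</map>\n', 0o660)                      # readable beyond the app's own UID
    _write(os.path.join(base, "shared_prefs", "ui.xml"),
           '<?xml version="1.0" encoding="utf-8"?>\n<map>\n'
           '  <string name="theme">dark</string>\n</map>\n', 0o600)
    _write(os.path.join(base, "databases", "wallet.db"), "sqlite-bytes", 0o644)
    _write(os.path.join(base, "files", "cache.bin"), "blob", 0o600)
    return base


def plaintext_secret_keys(xml_path):
    """Names of entries in a SharedPreferences file that look like secrets."""
    keys = []
    for entry in ET.parse(xml_path).getroot():
        name = entry.get("name", "")
        value = entry.text if entry.tag == "string" else entry.get("value")
        if SECRET_KEY_RE.search(name) and value:
            keys.append(name)
    return keys


def audit_storage(base):
    """Return sorted (kind, relative_path, detail) findings for the sandbox."""
    findings = []
    for dirpath, _dirs, files in os.walk(base):
        for fname in files:
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, base)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:                       # any group/other bit set
                findings.append(("mode", rel, oct(mode)))
            if os.path.basename(dirpath) == "shared_prefs" and fname.endswith(".xml"):
                for key in plaintext_secret_keys(path):
                    findings.append(("plaintext-secret", rel, key))
    return sorted(findings)


def run_demo():
    """Build the constructed sandbox in a temp dir and audit it."""
    base = build_sample_sandbox(tempfile.mkdtemp(prefix="m2-audit-"))
    return audit_storage(base)


if __name__ == "__main__":
    for kind, rel, detail in run_demo():
        print(f"{kind:17} {rel:30} {detail}")
```

The mode check assumes a POSIX file system. On a real device, run the same walk from an adb shell on a rooted handset or an emulator and point it at /data/data/<package>; the fix on the app side is MODE_PRIVATE for every file and EncryptedSharedPreferences or the Keystore, never a plain XML file, for tokens and passwords.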
  • 15. Insecure Communication (M3): communicating over insecure SSL/TLS or without HTTPS at all. This covers poor handshaking, incorrect SSL/TLS versions, weak negotiation, cleartext communication of sensitive assets, and so on.
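To make the slide's list concrete, here is an added Python example (not from the deck) that puts the usual "make the certificate error go away" client configuration next to a hardened one and audits both. No network connection is made: the two factory functions only build ssl.SSLContext objects, and audit_context() reports the weaknesses the slide names (no certificate validation, no hostname check, protocol downgrade, weak negotiation). The host names mentioned in the findings are placeholders.

```python
"""Insecure vs hardened TLS client configuration (OWASP Mobile 2016 M3).

Added example, not code from the deck. Builds contexts only; nothing connects.
"""
import ssl


def insecure_context():
    """The shape of code written to silence a certificate error during development."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # a valid cert for any host is accepted
    ctx.verify_mode = ssl.CERT_NONE       # no cert is validated at all
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # allows downgrade to TLS 1.0
    except ValueError:
        pass                              # OpenSSL built without TLS 1.0: keep the default
    return ctx


def hardened_context(cafile=None):
    """Verify the chain and the hostname, TLS 1.2+, forward-secret AEAD suites only."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx):
    """Return a list of human-readable findings for a client SSLContext."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: the server certificate is never "
                        "validated, so any MITM certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: a certificate issued for "
                        "attacker.example is accepted when talking to api.example")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: downgrade to TLS 1.0/1.1 possible")
    # get_ciphers() reports 'aead' on current Python/OpenSSL builds; treat unknown as ok.
    if any(not c.get("aead", True) for c in ctx.get_ciphers()):
        findings.append("non-AEAD cipher suites enabled (CBC suites, padding-oracle class)")
    return findings


if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(label)
        for f in audit_context(ctx) or ["no findings"]:
            print("  -", f)
```

On a device the same mistakes appear as a TrustManager that returns without checking the chain, a HostnameVerifier that always returns true, or usesCleartextTraffic="true" in the manifest; the hardened context is the baseline, and pinning the server's SPKI hash on top of it is what stops a compromised CA.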
  • 16. Insufficient Cryptography (M5): cryptography applied, but applied incorrectly. The code applies cryptography to a sensitive information asset; however, the cryptography is insufficient in some way. Note that anything and everything related to TLS or SSL goes in M3. Also, if the app fails to use cryptography at all when it should, that probably belongs in M2. This category is for issues where cryptography was attempted but was not done correctly. Source: FireEye research, https://www.fireeye.com/blog/threat-research/2015/01/cryptographic_vulner.html
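An added Python example for this category (not code from the deck or from the FireEye post it cites): local PIN verification done with an unsalted MD5, which is "cryptography attempted" in the sense of the slide, next to a version that uses PBKDF2-HMAC-SHA256 with a random per-user salt and a constant-time comparison. The crack function shows why the weak version is insufficient: a hash lifted from the device falls to an offline brute force of every four-digit PIN. The leaked hash and PIN are constructed, and the module name, function names and the iteration count are choices made for the example.

```python
"""Insufficient cryptography, shown on local PIN verification (OWASP Mobile 2016 M5).

Added example, not code from the deck. Uses only the Python standard library.
"""
import hashlib
import hmac
import itertools
import os
from typing import Optional

# --- weak: unsalted, fast hash of a low-entropy secret --------------------------
def weak_store(pin: str) -> str:
    """What many apps persist: md5(pin). No salt, no work factor."""
    return hashlib.md5(pin.encode()).hexdigest()


def crack_unsalted_md5(digest: str, pin_len: int = 4) -> Optional[str]:
    """Offline brute force over every numeric PIN of the given length (10**pin_len hashes)."""
    for digits in itertools.product("0123456789", repeat=pin_len):
        guess = "".join(digits)
        if hashlib.md5(guess.encode()).hexdigest() == digest:
            return guess
    return None


# --- hardened: salted, slow KDF and constant-time compare ----------------------
ITERATIONS = 200_000          # chosen for the example; tune to ~100 ms on target hardware


def strong_store(pin: str, salt: Optional[bytes] = None) -> dict:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 under a fresh random salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=32)
    return {"salt": salt.hex(), "iter": ITERATIONS, "hash": dk.hex()}


def strong_verify(pin: str, record: dict) -> bool:
    """Recompute with the stored salt/iterations; compare without timing leaks."""
    dk = hashlib.pbkdf2_hmac("sha256", pin.encode(),
                             bytes.fromhex(record["salt"]), record["iter"], dklen=32)
    return hmac.compare_digest(dk.hex(), record["hash"])


if __name__ == "__main__":
    leaked = weak_store("4821")                      # constructed "leaked" record
    print("weak record recovered as PIN:", crack_unsalted_md5(leaked))
    rec = strong_store("4821")
    print("strong verify correct PIN:", strong_verify("4821", rec))
    print("strong verify wrong PIN:  ", strong_verify("4822", rec))
```

The salt stops precomputed tables and makes two users with the same PIN store different records; the work factor raises the cost of each guess by ITERATIONS. A four-digit space is still small, so a real app binds the check to the platform keystore or Secure Enclave with attempt limiting rather than relying on the KDF alone; the same pattern (hard-coded key, constant IV, ECB mode, MD5) is what the cited FireEye research found across iOS apps.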
  • 17. Extraneous Functionality (M10): hidden or development-only functionality shipped in production builds. Developers often include hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment. For example, a developer may accidentally leave a password in a comment in a hybrid app. Another example is two-factor authentication that was disabled during testing and never re-enabled. Source: OWASP Day, https://www.slideshare.net/pprathan/owasp-day-owasp-day-lets-secure
  • 18. Android vs iOS. With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern and focus for smartphone users. [Bar chart: Android and iOS compared on Vulnerable Apps, Malware, Device Vulnerabilities and Fragmentation, 0 to 100 scale.]
    - The iOS device: despite iOS being traditionally regarded as the safest platform, there are a number of reasons why that assumption may be becoming outdated. Firstly, occurrences of ransomware, malware, rotten apps on the App Store, and social engineering have been coming into the news far more often in recent times.
    - The Android device: Google's Android platform has become a larger target for mobile malware writers than Apple's iOS. This could be a result of Android's popularity; with more than 1 million activations per day, Android smartphones command a 59% market share worldwide.
  • 19. 4 Myths About Mobile Security. "Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year." (Gartner)
    - Public app stores are safe because they have security filters.
    - Data encryption is not required for mobile devices.
    - PCs are more secure than mobile phones.
    - Two-factor authentication can be neglected for mobile security.
  • 20. Cyber Resilience: "Survival of the smartest" (Ashutosh Jain, CISO, AXIS Bank). Four levels of maturity:
    - Can't detect breaches.
    - Can detect breaches but don't remediate fast.
    - Swift detection and remedial action thereof.
    - Predict cyber threats and hence create the future.