Mobile Security
Mobile Top 10 Risks 2016, from OWASP
@DyanGalih
OWASP?
OWASP (Open Web Application Security Project) is an organization that provides unbiased, practical, and cost-effective information about computer and Internet applications.
Improper Platform Usage
- misuse of a platform feature or failure to use platform security controls
- Android intents
- platform permissions
- misuse of TouchID
- the Keychain
Insecure Data Storage
- This covers insecure data storage and unintended data leakage
- Authentication Issue
Insecure Communication
- poor handshaking
- incorrect SSL versions
- weak negotiation
- cleartext communication of sensitive assets
Insecure Authentication
- Failing to identify the user at all when that should be required
- Failure to maintain the user's identity when it is required
- Weaknesses in session management
Insufficient Cryptography
- This category is for issues where cryptography was attempted, but it wasn't done correctly.
- Crash with community issue
- Crash with data storage issue
Insecure Authorization
- Use authentication method for private activity
- Use authentication method for private data
Client Code Quality
- Security Decisions Via Untrusted Inputs
- Buggy Code
Code Tampering
- binary patching
- local resource modification
- method hooking
- method swizzling
- dynamic memory modification
Reverse Engineering
- analysis of the final core binary to determine its source code
- libraries
- algorithms
Any Questions?
By Dyan Galih