Securing Mobile Devices
Mind the Sec 2023
Daiane Santos
September 14, 2024
Transcript
Securing Mobile Devices
Daiane Santos

Agenda
01. Common Mobile Vulnerabilities
02. OWASP Top 10 Mobile
03. Securing Mobile Apps
04. Obfuscation
05. Secure Coding

$whoami
Autist - AH/SD
Mobile Security Engineer @ Nubank
CTF Player and Captain @ RATF
Neuroscience and Astronomy enthusiast
Common Mobile Vulnerabilities
OWASP Top 10
M1: Improper Platform Usage
M2: Insecure Data Storage
M3: Insecure Communication
M4: Insecure Authentication
M5: Insufficient Cryptography
M6: Insecure Authorization
M7: Client Code Quality
M8: Code Tampering
M9: Reverse Engineering
M10: Extraneous Functionality

Business Impact
Unauthorized access and fraud;
Intellectual property theft;
Trust damaged;
Negative end-user experiences;
Negative, potentially permanent impact on the brand's reputation;
Ongoing financial losses;
Privacy-related and confidential/sensitive data theft.
How do I know if I'm vulnerable?
Can someone decrypt your app's code?
Can someone reverse engineer this app with automated tools?
How to Secure Mobile Devices
1. Source Code Encryption
2. Penetration Tests
3. Secure the Data-in-transit
4. Database Encryption
5. Cryptography
6. High-level Authentication
7. Secure the Backend
8. Minimize Storage of Sensitive Data
9. Be careful with Third-Party Services

General protections: Remote Attestation, Integrity Checks, Root Detection, Device Binding, SSL Pinning, Emulator Detector
Resources: Encryption, Integrity Checks, Anti-Tampering
Application: Code Encryption, Code Obfuscation, Anti-Hook, Anti-Tampering

Code Obfuscation
Secure Coding
Best practices according to each programming language
Map security requirements at the beginning of the project
Include SAST and DAST tools, and a Vulnerability Management process

References
OWASP Mobile Top 10
OWASP Mobile Testing Guide
OWASP Secure Coding Practices

Thank you! If you have any questions, please feel free to contact me!