Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Demystifying OWASP Top 10 Mobile Risks

GDG Montreal
March 07, 2024
0
26

Demystifying OWASP Top 10 Mobile Risks

In this talk we'll have a comprehensive look at the most common security risks that affect mobile applications according to the Open Web Application Security Project, with interesting code samples in Flutter/Dart, as well as some tips and tricks on how to prepare our apps to walk around each potential security risk.

GDG Montreal

March 07, 2024
Tweet

More Decks by GDG Montreal

See All by GDG Montreal
Advanced Pregnancy Risk Assessment Using AI Model Chain by Kiruthika Subramani
gdgmontreal
0
9
Al and Security: A double edge sword? by Stacy Véronneau and Yan Bellerose
gdgmontreal
0
11
Scaling AI on a Budget: A Startup's GPU Optimization Journey by Shannon Lal
gdgmontreal
0
10
Build Your Own Secured AI Platform with Google Cloud Vertex AI by unleashing the Power of Multi-LLM by Eckarath Khounsombath
gdgmontreal
0
17
FlutterMTL_-_Flutter_Next_24.pdf
gdgmontreal
0
7
Developing Flutter Applications in Dev Container Environments - Ali Yazdi
gdgmontreal
0
7
Building an ML powered Android Livestreaming App by Etienne Caron
gdgmontreal
0
13
Boosting Your Mobile App: Small Details, Big Impact by Mathieu Fillion
gdgmontreal
0
7
The Hitchhiker's Guide to MLOps by David Cardozo
gdgmontreal
0
6

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Gamification - CAS2011
davidbonilla
80
5k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
GitHub's CSS Performance
jonrohan
1030
460k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k

Transcript

  1. None

  2. “ ”

  3. None
  4. None
  5. None

  6. Aims to improve software security through community-led projects, local chapters,

    documentation and training Key initiatives: OWASP Top Ten, OWASP projects, local chapters Funded through memberships, corporate sponsorships and conferences Community-driven collaboration
  7. None

  8. • M1: IMPROPER CREDENTIAL USAGE • M2: INADEQUATE SUPPLY CHAIN

    SECURITY • M3: INSECURE AUTHENTICATION/AUTHORIZATION • M4: INSUFFICIENT INPUT/OUTPUT VALIDATION • M5: INSECURE COMMUNICATION • M6: INADEQUATE PRIVACY CONTROLS • M7: INSUFFICIENT BINARY PROTECTIONS • M8: SECURITY MISCONFIGURATION • M9: INSECURE DATA STORAGE • M10: INSUFFICIENT CRYPTOGRAPHY
  9. None

  10. • • • • •

  11. • • • •

  12. None
  13. None

  14. • • •

  15. • • • • •

  16. • •

  17. • • • • •

  18. • • • • •

  19. None
  20. None
  21. None
  22. None

  23. • • •

  24. • • • • •

  25. None
  26. None

  27. • • •

  28. • • • • •

  29. None
  30. None

  31. • • • •

  32. • • • • •

  33. None

  34. • • • • • •

  35. None
  36. None

  37. • • • •

  38. • • • • •

  39. None
  40. None
  41. None

  42. • • •

  43. • • • • •

  44. None
  45. None
  46. None
  47. None

  48. • • •

  49. • • •

  50. • • • • •

  51. None
  52. None
  53. None

  54. • • •

  55. • • • • •

  56. None
  57. None

  58. • • •

  59. • • HTTPS://OWASP.ORG/WWW-PROJECT-MOBILE-TOP-10/ • • @lesterbotello Code samples:

  60. None