Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Demystifying OWASP Top 10 Mobile Risks

GDG Montreal
March 07, 2024
0
12

Demystifying OWASP Top 10 Mobile Risks

In this talk we'll have a comprehensive look at the most common security risks that affect mobile applications according to the Open Web Application Security Project, with interesting code samples in Flutter/Dart, as well as some tips and tricks on how to prepare our apps to walk around each potential security risk.

GDG Montreal

March 07, 2024
Tweet

More Decks by GDG Montreal

See All by GDG Montreal
Build an AI doctor assistant on Android by Florian Denu
gdgmontreal
0
14
Building an arcade with Android by Éric Boissonneault
gdgmontreal
0
12
Navidot - Presentation of a school project using Flutter in 3 months
gdgmontreal
0
9
Getting Started Right: A Guide to Project Structure & Architecture
gdgmontreal
0
10
Flutter @Next’24 - How Google did promoted Flutter
gdgmontreal
0
7
Introduction to Game Development in Flutter with Flame
gdgmontreal
0
18
Leveraging generics to create flexible, type-safe, highly reusable code
gdgmontreal
0
13
Core concepts of Navigation in Flutter
gdgmontreal
0
20
2024 FlutterMTL January Meetup - Mastering Dart Langchain by Eckarath
gdgmontreal
1
36

Featured

See All Featured
Producing Creativity
orderedlist
PRO
337
39k
Unsuck your backbone
ammeep
663
57k
Building a Scalable Design System with Sketch
lauravandoore
456
32k
Infographics Made Easy
chrislema
238
18k
For a Future-Friendly Web
brad_frost
172
9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Become a Pro
speakerdeck
PRO
11
4.5k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
It's Worth the Effort
3n
180
27k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Building an army of robots
kneath
300
41k

Transcript

  1. None

  2. “ ”

  3. None
  4. None
  5. None

  6. Aims to improve software security through community-led projects, local chapters,

    documentation and training Key initiatives: OWASP Top Ten, OWASP projects, local chapters Funded through memberships, corporate sponsorships and conferences Community-driven collaboration
  7. None

  8. • M1: IMPROPER CREDENTIAL USAGE • M2: INADEQUATE SUPPLY CHAIN

    SECURITY • M3: INSECURE AUTHENTICATION/AUTHORIZATION • M4: INSUFFICIENT INPUT/OUTPUT VALIDATION • M5: INSECURE COMMUNICATION • M6: INADEQUATE PRIVACY CONTROLS • M7: INSUFFICIENT BINARY PROTECTIONS • M8: SECURITY MISCONFIGURATION • M9: INSECURE DATA STORAGE • M10: INSUFFICIENT CRYPTOGRAPHY
  9. None

  10. • • • • •

  11. • • • •

  12. None
  13. None

  14. • • •

  15. • • • • •

  16. • •

  17. • • • • •

  18. • • • • •

  19. None
  20. None
  21. None
  22. None

  23. • • •

  24. • • • • •

  25. None
  26. None

  27. • • •

  28. • • • • •

  29. None
  30. None

  31. • • • •

  32. • • • • •

  33. None

  34. • • • • • •

  35. None
  36. None

  37. • • • •

  38. • • • • •

  39. None
  40. None
  41. None

  42. • • •

  43. • • • • •

  44. None
  45. None
  46. None
  47. None

  48. • • •

  49. • • •

  50. • • • • •

  51. None
  52. None
  53. None

  54. • • •

  55. • • • • •

  56. None
  57. None

  58. • • •

  59. • • HTTPS://OWASP.ORG/WWW-PROJECT-MOBILE-TOP-10/ • • @lesterbotello Code samples:

  60. None