Upgrade to PRO for Only $50/Yearโ€”Limited-Time Offer! ๐Ÿ”ฅ

Secure Coding Standards

Avatar for Merab Tato Kutalia Merab Tato Kutalia
December 30, 2021
Technology
0
150

Secure Codingย Standards

What are the guidelines we have to follow in order to bring more security to our apps and users? What is OWASP? What tools can we use to monitor and prevent issues? All these questions will be covered in this talk

Avatar for Merab Tato Kutalia

Merab Tato Kutalia

December 30, 2021
Tweet

More Decks by Merab Tato Kutalia

See All by Merab Tato Kutalia
What's new in Android 14?
Avatar for Merab Tato Kutalia tatocaster
0
170
Migrate to Gradle version catalog and convention plugins
Avatar for Merab Tato Kutalia tatocaster
3
1.9k
Make Codebases Secure with OWASP
Avatar for Merab Tato Kutalia tatocaster
0
200
แƒขแƒแƒœแƒ’แƒ แƒแƒœแƒ“แƒ แƒแƒ˜แƒ“แƒ—แƒแƒœ
Avatar for Merab Tato Kutalia tatocaster
0
270
Adopting Huawei Mobile Services
Avatar for Merab Tato Kutalia tatocaster
0
67
Android UI Testing & Challenges
Avatar for Merab Tato Kutalia tatocaster
1
110
Reverse & Inject - droidcon
Avatar for Merab Tato Kutalia tatocaster
3
310
mobile DevOps
Avatar for Merab Tato Kutalia tatocaster
1
140
Android Reverse Engineering and Analysis - OWASP Tbilisi
Avatar for Merab Tato Kutalia tatocaster
1
290

Other Decks in Technology

See All in Technology
AWSใ‚’ไฝฟใ†ไธŠใงๆœ€ไฝŽ้™็ŸฅใฃใฆใŠใใŸใ„ใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃ็ ”ไฟฎใ‚’็คพๅ†…ใงๅฎŸๆ–ฝใ—ใŸ่ฉฑ ~ใฟใ‚“ใชใงใ‚„ใ‚‹ใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃ~
Avatar for maimyyym maimyyym
2
1.3k
ใ€ŒManaged Instancesใ€ใจใ€Œdurable functionsใ€ใงๅบƒใŒใ‚‹AWS Lambdaใฎใƒฆใƒผใ‚นใ‚ฑใƒผใ‚น
Avatar for Lamaglama39 lamaglama39
0
320
AWSใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃใ‚ขใƒƒใƒ•ใ‚šใƒ†ใ‚™ใƒผใƒˆใจAWSใ‚’่‚ฒใฆใ‚‹่ฉฑ
Avatar for cm-usuda-keisuke cmusudakeisuke
0
280
Kubernetes Multi-tenancy: Principles and Practices for Large Scale Internal Platforms
Avatar for hhiroshell hhiroshell
0
120
.NET 10ใฎๆฆ‚่ฆ
Avatar for tomokusaba tomokusaba
0
110
[ใƒ‡ใƒขใงใ™] NotebookLM ใงไฝœใฃใŸใ‚นใƒฉใ‚คใƒ‰ใฎไพ‹
Avatar for Takaaki Tanaka kongmingstrap
0
150
AWS Trainium3 ใ‚’ใกใ‚‡ใฃใจ่บซ่ฟ‘ใซๆ„Ÿใ˜ใŸใ„
Avatar for Yasutaka OHMURA bigmuramura
1
140
Kiro Autonomous AgentใจKiro Powers ใฎ็ดนไป‹ / kiro-autonomous-agent-and-powers
Avatar for tomoki10 tomoki10
0
490
ChatGPTใง่ซ–โฝ‚ใฏ่ชญใ‚ใ‚‹ใฎใ‹
Avatar for Spatial AI Network spatial_ai_network
9
28k
้žCUDAใฎๆ‚ฒๅ“€ ใ€œClaude Code ใจๆŒ‘ใ‚“ใ  image to 3D โ€œHunyuan3Dโ€ใ‚’ EVO-X2(Ryzen AI Max+395)ใงๅ‹•ไฝœใ•ใ›ใ‚‹ใƒใƒฃใƒฌใƒณใ‚ธใ€œ
Avatar for hawky the miscellaneous hawkymisc
2
190
ๅคšๆง˜ใชใƒ‡ใ‚ธใ‚ฟใƒซใ‚ขใ‚คใƒ‡ใƒณใƒ†ใ‚ฃใƒ†ใ‚ฃใ‚’ๆ”ปๆ’ƒใ‹ใ‚‰ใฉใ†ใ‚„ใฃใฆๅฎˆใ‚‹ใฎใ‹ / 20251212
Avatar for Ayokura ayokura
0
450
regrowth_tokyo_2025_securityagent
Avatar for h-ashisan hiashisan
0
240

Featured

See All Featured
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
51k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
800
Evolution of real-timeย โ€“ Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.1k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.2k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
1
100
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
34k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.6k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.2k

Transcript

  1. Secure Coding Standards Merab Tato Kutalia Android GDE, Chapter Lead

    @ TBC Bank @TatoKutalia

  2. แƒ แƒแƒ’แƒแƒ แƒ˜แƒ แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒ แƒžแƒ แƒแƒ’แƒ แƒแƒ›แƒ? โ€ข access control-แƒ˜แƒก แƒ›แƒแƒ แƒ—แƒ•แƒ โ€ข data protection

    โ€ข แƒ›แƒแƒฌแƒงแƒ•แƒšแƒแƒ“แƒแƒ‘แƒ”แƒ‘แƒ˜แƒกแƒ’แƒแƒœ แƒ“แƒแƒชแƒ•แƒ

  3. แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒ แƒ™แƒแƒ“แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒ˜

  4. แƒ แƒ แƒแƒ แƒ˜แƒก แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒ แƒ™แƒแƒ“แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒ˜? แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒ แƒ™แƒแƒ“แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒ˜ แƒแƒ แƒ˜แƒก แƒฌแƒ”แƒกแƒ”แƒ‘แƒ˜แƒกแƒ

    แƒ“แƒ แƒ›แƒ˜แƒ—แƒ˜แƒ—แƒ”แƒ‘แƒ”แƒ‘แƒ˜แƒก แƒœแƒแƒ™แƒ แƒ”แƒ‘แƒ˜ แƒ แƒแƒ›แƒ”แƒšแƒ˜แƒช แƒ’แƒแƒ›แƒแƒ˜แƒงแƒ”แƒœแƒ”แƒ‘แƒ แƒ›แƒแƒฌแƒงแƒ•แƒšแƒแƒ“แƒแƒ‘แƒ˜แƒก แƒแƒฆแƒ›แƒแƒกแƒแƒคแƒฎแƒ•แƒ แƒ”แƒšแƒแƒ“. แƒแƒ› แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒ˜แƒก แƒกแƒฌแƒแƒ แƒแƒ“ แƒ’แƒแƒ›แƒแƒงแƒ”แƒœแƒ”แƒ‘แƒ˜แƒก แƒจแƒ”แƒ›แƒ—แƒฎแƒ•แƒ”แƒ•แƒแƒจแƒ˜ แƒ”แƒคแƒ”แƒฅแƒขแƒฃแƒ แƒแƒ“ แƒจแƒ”แƒ’แƒ•แƒ˜แƒซแƒšแƒ˜แƒ แƒ˜แƒ› แƒจแƒ”แƒชแƒ“แƒแƒ›แƒ”แƒ‘แƒ˜แƒก แƒžแƒแƒ•แƒœแƒ, แƒแƒฆแƒ›แƒแƒคแƒฎแƒ•แƒ แƒ แƒ“แƒ แƒžแƒ แƒ”แƒ•แƒ”แƒœแƒชแƒ˜แƒ, แƒ แƒแƒ›แƒ”แƒšแƒกแƒแƒช แƒจแƒ”แƒฃแƒซแƒšแƒ˜แƒ แƒฉแƒ•แƒ”แƒœแƒ˜ แƒžแƒ แƒแƒ’แƒ แƒแƒ›แƒฃแƒšแƒ˜ แƒฃแƒ–แƒ แƒฃแƒœแƒ•แƒ”แƒšแƒงแƒแƒคแƒ˜แƒก แƒ“แƒแƒ–แƒ˜แƒแƒœแƒ”แƒ‘แƒ.

  5. แƒ แƒแƒขแƒแƒ› แƒฃแƒœแƒ“แƒ แƒ’แƒ•แƒแƒฆแƒ”แƒšแƒ•แƒ”แƒ‘แƒ“แƒ”แƒก? โ€ข แƒ“แƒแƒฃแƒชแƒ•แƒ”แƒšแƒ˜ แƒ›แƒแƒ›แƒฎแƒ›แƒแƒ แƒ”แƒ‘แƒšแƒ˜แƒก แƒ˜แƒœแƒคแƒแƒ แƒ›แƒแƒชแƒ˜แƒ โ€ข แƒ แƒ”แƒžแƒฃแƒขแƒแƒชแƒ˜แƒฃแƒšแƒ˜ แƒ–แƒ˜แƒแƒœแƒ˜

    โ€ข แƒแƒ แƒแƒกแƒแƒœแƒ“แƒ แƒ“แƒ”แƒ•แƒ”แƒšแƒแƒžแƒ›แƒ”แƒœแƒข แƒžแƒ แƒแƒชแƒ”แƒกแƒ”แƒ‘แƒ˜

  6. แƒ แƒ แƒ•แƒ˜แƒฆแƒแƒœแƒแƒ—? โ€ข แƒ›แƒ˜แƒ•แƒงแƒ•แƒ”แƒ— แƒ˜แƒ› แƒžแƒ แƒแƒ’แƒ แƒแƒ›แƒฃแƒšแƒ˜ แƒ”แƒœแƒ˜แƒก แƒ“แƒ แƒžแƒšแƒแƒขแƒคแƒแƒ แƒ›แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒก

    แƒ แƒแƒกแƒแƒช แƒ’แƒ•แƒ—แƒแƒ•แƒแƒ–แƒแƒ‘แƒ”แƒœ โ€ข JVM โ€ข Android โ€ข Apple/iOS

  7. แƒ แƒ แƒ•แƒ˜แƒฆแƒแƒœแƒแƒ—? โ€ข แƒ›แƒ˜แƒ•แƒงแƒ•แƒ”แƒ— แƒ˜แƒ› แƒžแƒ แƒแƒ’แƒ แƒแƒ›แƒฃแƒšแƒ˜ แƒ”แƒœแƒ˜แƒก แƒ“แƒ แƒžแƒšแƒแƒขแƒคแƒแƒ แƒ›แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒก

    แƒ แƒแƒกแƒแƒช แƒ’แƒ•แƒ—แƒแƒ•แƒแƒ–แƒแƒ‘แƒ”แƒœ โ€ข OWASP Top 10 (Mobile) โ€ข CVE โ€ข CERT โ€ข JVM โ€ข Android โ€ข Apple/iOS

  8. OWASP The Open Web Application Security Project โ€ข Tools and

    Resources โ€ข Community and Networking โ€ข Education & Training

  9. OWASP Top 10 Mobile โ€ข M1: Improper Platform Usage โ€ข

    M2: Insecure Data Storage โ€ข M3: Insecure Communication โ€ข M4: Insecure Authentication โ€ข M5: Insufficient Cryptography โ€ข M6: Insecure Authorization โ€ข M7: Client Code Quality โ€ข M8: Code Tampering โ€ข M9: Reverse Engineering โ€ข M10: Extraneous Functionality

  10. OWASP Mobile Security Testing Guide (MSTG) แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒแƒ”แƒ‘แƒ˜แƒก แƒกแƒขแƒแƒœแƒ“แƒแƒ แƒขแƒ”แƒ‘แƒ˜ แƒ—แƒแƒœแƒแƒ›แƒ”แƒ“แƒ แƒแƒ•แƒ” แƒ›แƒแƒ‘แƒ˜แƒšแƒฃแƒ แƒ˜

    แƒแƒžแƒšแƒ˜แƒ™แƒแƒชแƒ˜แƒ”แƒ‘แƒกแƒ—แƒ•แƒ˜แƒก. แƒขแƒ”แƒฅแƒœแƒ˜แƒ™แƒ”แƒ‘แƒ˜ แƒ“แƒ แƒฎแƒ”แƒšแƒกแƒแƒฌแƒงแƒแƒ”แƒ‘แƒ˜. แƒฃแƒกแƒแƒคแƒ แƒ—แƒฎแƒแƒ”แƒ‘แƒ˜แƒก checklist https://owasp.org/www-project-mobile-security-testing-guide/ https://github.com/OWASP/owasp-mstg

  11. OWASP dependency check แƒ›แƒฎแƒแƒ แƒ“แƒแƒญแƒ”แƒ แƒ˜แƒšแƒ˜แƒ แƒงแƒ•แƒ”แƒšแƒ แƒžแƒšแƒแƒขแƒคแƒแƒ แƒ›แƒแƒ–แƒ”. แƒแƒ›แƒแƒฌแƒ›แƒ”แƒ‘แƒก 3rd party แƒ‘แƒ˜แƒ‘แƒšแƒ˜แƒแƒ—แƒ”แƒ™แƒ”แƒ‘แƒก

    แƒฉแƒ•แƒ”แƒœแƒก แƒžแƒ แƒแƒ”แƒฅแƒขแƒจแƒ˜ แƒกแƒแƒฏแƒแƒ แƒ แƒ›แƒแƒœแƒแƒชแƒ”แƒ›แƒ—แƒ แƒ‘แƒแƒ–แƒแƒจแƒ˜, แƒแƒœแƒ˜แƒญแƒ”แƒ‘แƒก แƒจแƒ”แƒกแƒแƒ‘แƒแƒ›แƒ˜แƒก แƒฅแƒฃแƒšแƒแƒก แƒ“แƒ แƒ แƒ”แƒžแƒแƒ แƒขแƒ˜แƒก แƒกแƒแƒฎแƒ˜แƒ— แƒ’แƒ•แƒ—แƒแƒ•แƒแƒ–แƒแƒ‘แƒก. (แƒ›แƒแƒ— แƒจแƒแƒ แƒ˜แƒก transitive dependencies) แƒฉแƒ•แƒ”แƒœแƒ˜ แƒžแƒšแƒแƒขแƒคแƒแƒ แƒ›แƒ˜แƒก แƒ“แƒ แƒกแƒฎแƒ•แƒ แƒ’แƒแƒ แƒ”แƒ›แƒแƒ”แƒ‘แƒ”แƒ‘แƒ–แƒ” แƒ“แƒแƒงแƒ แƒ“แƒœแƒแƒ‘แƒ˜แƒ— แƒฃแƒœแƒ“แƒ แƒ’แƒแƒ•แƒแƒแƒœแƒแƒšแƒ˜แƒ–แƒแƒ— แƒ”แƒก แƒ แƒ”แƒžแƒแƒ แƒขแƒ˜ แƒแƒฅแƒ•แƒก false-positive-แƒ”แƒ‘แƒ˜*

  12. OWASP dependencyCheck Android

  13. Gradle setup โ€ข project and app-level gradle

  14. Advanced setup

  15. CVSS - =Common Vulnerability Scoring System

  16. แƒ›แƒแƒ“แƒšแƒแƒ‘แƒ