© 2014 IBM Corporation
IBM Security Systems
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile Application Development Lifecycle

Agenda
• Mobile Application Security Landscape
• Mobile Risks and Attack Vectors
• Incorporating Protection Into Your Mobile Application Development Lifecycle

Threats are Increasing – Old and New Targets
Mobile devices and apps that we rely on are under attack.
• Mobile Malware Increasing: malicious code infects more than 11.6 million mobile devices at any given time. (Source: InfoSec, "Mobile Malware Infects Millions; LTE Spurs Growth," January 2014)
• Mobile Devices Targeted: 90% of top mobile apps have been hacked. (Source: Arxan Technologies, “App Economy under Attack: Report Reveals More than 90 Percent of the Top 100 Mobile Apps Have Been Hacked”)
• Web Application Vulnerabilities: XSS and SQL injection exploits continue in high numbers, and 33% of vulnerability disclosures are web application vulnerabilities. (Source: IBM X-Force Threat Intelligence Quarterly, 1Q 2014)

Mobile Malware Growth’s Logarithmic (chart slide)

Mobile Apps Under Attack
• “78 percent of top 100 paid Android and iOS Apps are available as hacked versions on third-party sites” (“State of Security in the App Economy”, Arxan, 2013)
• "Chinese App Store Offers Pirated iOS Apps Without the Need to Jailbreak” (Extreme Tech, 2013)
• “86% of Mobile Malware is legit apps repackaged with malicious payloads” (NC State University, 2012)

Mobile Risks and Attack Vectors

User vs. Enterprise Risk
User risks:
• Threat from malware
  – Trojans and spyware
• Phishing
• Fake Android marketplace
  – Malware bundled with apps
• Unauthorized use of:
  – Contact DB
  – Email
  – SMS (text messages)
  – Phone (placing calls)
  – GPS (public location)
  – Data on device
Enterprise risks:
• Data leakage
  – Malware attacks
  – Account information on mobile devices
• Cracking mobile apps
  – Easy access to applications
  – Reverse-engineering
• Little to no app control
  – BYOD
  – Consumer devices
OWASP Mobile Top 10 Risks (RC 2014 V1): #2 Insecure Data Storage, #4 Unintended Data Leakage, #10 Lack of Binary Protections

App Confidentiality and Integrity Risks
Integrity Risk (Code Modification or Code Injection Vulnerabilities):
• Application binaries can be modified
• Run-time behavior of applications can be altered
• Malicious code can be injected into applications
Confidentiality Risk (Reverse Engineering or Code Analysis Vulnerabilities):
• Sensitive information can be exposed
• Applications can be reverse-engineered back to the source code
• Code can be lifted and reused or repackaged

Lots of Ways to Hack an App

“Tools of the Trade” for Mobile Pen-Testers or Black Hats
Category: App decryption / unpacking / conversion
• Clutch
• APKTool
• dex2jar
Category: Static binary analysis, disassembly, decompilation
• IDA Pro & Hex-Rays (disassembler/decompiler)
• Hopper (disassembler/decompiler)
• JD-GUI (decompiler)
• Baksmali (disassembler)
• Info dumping: class-dump-z (classes), nm (symbols), strings
Category: Runtime binary analysis
• GDB (debugger)
• ADB (debugger)
• Introspy (tracer/analyzer)
• Snoop-It (debugging/tracing, manipulation)
• Sogeti tools (dump keychain or filesystem, custom ramdisk boot, PIN brute force)
Category: Runtime manipulation, code injection, method swizzling, patching
• Cydia Substrate (code modification platform: MobileHooker, MobileLoader)
• Cycript / Cynject
• DYLD
• Theos suite
• Hex editors
Category: Jailbreak detection evasion
• xCon, BreakThrough, tsProtector
Category: Integrated pen-test toolsets
• AppUse (custom "hostile" Android ROM loaded with hooks, ReFrameworker runtime manipulator, reversing tools)
• Snoop-It (iOS monitoring, dynamic binary analysis, manipulation)
• iAnalyzer (iOS app decrypting, static/dynamic binary analysis, tampering)

Real Life Android Vulnerabilities
• Android Java APK reverse engineering: hackers can easily reverse engineer binary code (the executable) back to source code, leaving it primed for code tampering
• Baksmali code modification: hackers can easily crack open and disassemble (Baksmali) mobile code
(Slide includes two embedded demo videos: Video 1, Video 2)

Incorporating Protection Into Your Mobile Application Development Lifecycle

Build and Keep It Secure
Build It Secure:
• Application Development – IBM Worklight: build and manage mobile apps
• Vulnerability Analysis & Testing – IBM Security AppScan: identifies vulnerabilities
Keep It Secure:
• Application Protection, Release & Deployment – Arxan Application Protection for IBM Solutions: defends, detects & reacts
Outcome: a secure and protected application that is free of critical flaws and vulnerabilities and protects itself against attacks.
• Mobile application security risk is real and impacts Users and Enterprise
• Don’t procrastinate – be proactive!

OWASP Mobile Top 10 Risks
Source: https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks

AppScan Vulnerability Analysis

Experts Recommend Protecting Binary Code
Consultants, analysts and the OWASP Mobile Top 10 Risks: “Protect Your Binary”

Risks Identified with the New AppScan Rules
New Custom Rules for AppScan identify key OWASP M10 issues:
1. Repackaging
2. Swizzle With Behavioral Change
3. Security Control Bypass
4. Automated Jailbreak Breaking
5. Exposed Method Signatures
6. Exposed Data Symbols
7. Exposed String Tables
8. Cryptographic Key Interception
9. Presentation Layer Modification
10. Application Decryption

A Number of Guards Can Be Leveraged
Defend against compromise:
• Advanced Obfuscation
• Encryption
• Pre-Damage
• Metadata Removal
Detect attacks at run-time:
• Checksum
• Debugger Detection
• Resource Verification
• Resource Encryption
• Jailbreak/Root Detection
• Swizzling Detection
• Hook Detection
React to ward off attacks:
• Shut Down (Exit, Fail)
• Self-Repair
• Custom Reactions
• Alert / Phone Home
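Added example, not from the deck and not Arxan's or IBM's code: a minimal Detect/React guard in C, as one might sit in an app's native layer, tying the integrity risks on the "App Confidentiality and Integrity Risks" slide to the checksum, resource-verification, self-repair and shut-down guard types listed above. The region names, the sample bytes and the placeholder URL are constructed for the demo, and `seal_region` at startup stands in for a checksum recorded at build time.

```c
/* Detect/React integrity guard demo (added example, constructed data). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { GUARD_OK = 0, GUARD_TAMPERED = 1 } guard_status;
/* Ordered by severity so run_guards() can report the strongest reaction. */
typedef enum { REACT_NONE = 0, REACT_ALERT = 1, REACT_REPAIR = 2, REACT_SHUTDOWN = 3 } react_action;

/* CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), computed bitwise so
 * no lookup table has to ship with the app. Check value for "123456789": 0xCBF43926. */
uint32_t crc32_buf(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* A guarded region: the live bytes the app uses, an optional pristine copy for
 * self-repair, and the checksum recorded when the app was built. */
typedef struct {
    const char    *name;
    uint8_t       *live;          /* bytes the app actually reads at run-time */
    const uint8_t *golden;        /* pristine copy for self-repair, or NULL */
    size_t         len;
    uint32_t       expected_crc;  /* sealed at build time (here: at startup) */
    int            critical;      /* 1 = shut down on tamper, 0 = repair or alert */
} guarded_region;

/* Stands in for the build step that records the expected checksum. */
void seal_region(guarded_region *r) { r->expected_crc = crc32_buf(r->live, r->len); }

/* Detect guard: recompute the checksum and compare with the sealed value. */
guard_status checksum_guard(const guarded_region *r) {
    return crc32_buf(r->live, r->len) == r->expected_crc ? GUARD_OK : GUARD_TAMPERED;
}

/* React policy: critical regions shut the app down; other regions are repaired
 * from the golden copy when one exists, otherwise an alert is raised. */
react_action react_to(guarded_region *r, guard_status s) {
    if (s == GUARD_OK) return REACT_NONE;
    fprintf(stderr, "guard: region '%s' failed integrity check\n", r->name);
    if (r->critical) return REACT_SHUTDOWN;
    if (r->golden) {
        memcpy(r->live, r->golden, r->len);              /* self-repair */
        return checksum_guard(r) == GUARD_OK ? REACT_REPAIR : REACT_SHUTDOWN;
    }
    return REACT_ALERT;                                  /* alert / phone home */
}

/* Runs every guard and returns the strongest reaction any of them requested. */
react_action run_guards(guarded_region *regions, size_t n) {
    react_action worst = REACT_NONE;
    for (size_t i = 0; i < n; i++) {
        react_action a = react_to(&regions[i], checksum_guard(&regions[i]));
        if (a > worst) worst = a;
    }
    return worst;
}

/* Demo on constructed data: a backend URL (critical, no repair copy) and a
 * feature-flag table (repairable). The flags simulate a tampering target such
 * as a paid feature toggle; the URL simulates a patched hostname. */
react_action demo(int tamper_url, int tamper_flags) {
    static const uint8_t golden_flags[4] = { 1, 0, 1, 0 };
    uint8_t url[]    = "https://api.example.invalid/v1";   /* constructed placeholder */
    uint8_t flags[4] = { 1, 0, 1, 0 };
    guarded_region regions[2] = {
        { "server_url",    url,   NULL,         sizeof url - 1, 0, 1 },
        { "feature_flags", flags, golden_flags, sizeof flags,   0, 0 },
    };
    seal_region(&regions[0]);
    seal_region(&regions[1]);
    if (tamper_url)   url[8]   = 'X';   /* simulate one patched byte in the hostname */
    if (tamper_flags) flags[1] = 1;     /* simulate a flipped feature flag */
    return run_guards(regions, 2);
}

int main(void) {
    printf("clean: %d, flags tampered: %d, url tampered: %d\n",
           (int)demo(0, 0), (int)demo(0, 1), (int)demo(1, 0));
    return 0;
}
```

A real guard would also randomize which regions it checks and when, so that a single patched call site does not disable every check at once.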

AppScan / Arxan Integration

Arxan® + IBM AppScan® Solution Components
1. Technical guide
   • How to integrate IBM Security AppScan® and Arxan into the SDLC to use them in conjunction
   Benefit: control the full scope of risks and build in security from testing to run-time protection
2. Augmented IBM Security AppScan® rules
   • Custom scan configuration for AppScan to better identify app integrity risks
   Benefit: inform required protections against app integrity attacks that can compromise even ‘flawless’ code
3. Usage of Arxan protection tools
   • Informs creation of an Arxan GuardSpec based on AppScan-aided integrity risk assessment, supplemented by manual analysis
   Benefit: design and implement "defend", "detect", and "react" app integrity protections inside your app, without modifying its source code
4. Tested and validated
   • Demonstration with a sample app
   Benefit: helps ensure interoperability and support

Why Arxan?
• ‘Gold standard’ protection strength
• Multi-layer Guard Network
• Static & run-time Guards
• Customizable to your application
• Automated randomization for each build
• No disruption to SDLC or source code, with unique binary-based Guard injection
• Cross-platform support: more than 7 mobile platforms alone
• Proven
  – Protected apps deployed on over 300 million devices
  – Hundreds of satisfied customers across the Fortune 500
• Unique IP ownership: 10+ patents
• Integrated with other IBM security and mobility solutions

Additional Resources
How to Protect Worklight Apps with Arxan from IBM
Date: Thursday, September 4
Time: 11 AM EDT / 4 PM GMT
Register: http://www.arxan.com/resources/arxan-and-ibm-app-protection-webinars/
Arxan/IBM White Paper: Securing Mobile Apps in the Wild
http://www.arxan.com/securing-mobile-apps-in-the-wild-with-app-hardening-and-run-time-protection/

Additional Resources
Contact your IBM representative or email us at IBM@Arxan.com for more information.
Webinar participants are eligible for a free evaluation of Arxan Application Protection Software, now offered as part of IBM’s Security Portfolio.

Tom Mulvehill
IBM Product Management
tom.mulvehill@us.ibm.com
Will Frontiero
IBM Software Engineering
wfronti@us.ibm.com
Jonathan Carter
Arxan Technical Director
jcarter@arxan.com
Thank You!

Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Último

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Último (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile Application Development Lifecycle

  • 7. User vs. Enterprise Risk
    User risks
    – Threat from malware: Trojans and spyware
    – Phishing
    – Fake Android marketplaces: malware bundled with apps
    – Unauthorized use of: contact DB, email, SMS (text messages), phone (placing calls), GPS (public location), data on device
    Enterprise risks
    – Data leakage: malware attacks; account information on mobile devices
    – Cracking mobile apps: easy access to applications; reverse-engineering
    – Little to no app control: BYOD; consumer devices
    Related OWASP Mobile Top 10 Risks (RC 2014 V1): #2 Insecure Data Storage, #4 Unintended Data Leakage, #10 Lack of Binary Protections
  • 8. App Confidentiality and Integrity Risks
    Integrity risk (code modification or code injection vulnerabilities)
    – Application binaries can be modified
    – Run-time behavior of applications can be altered
    – Malicious code can be injected into applications
    Confidentiality risk (reverse engineering or code analysis vulnerabilities)
    – Sensitive information can be exposed
    – Applications can be reverse-engineered back to the source code
    – Code can be lifted and reused or repackaged
  • 9. Lots of Ways to Hack an App (diagram only)
  • 10. "Tools of the Trade" for Mobile Pen-Testers or Black Hats (category: example tools)
    – App decryption / unpacking / conversion: Clutch; APKTool; dex2jar
    – Static binary analysis, disassembly, decompilation: IDA Pro & Hex-Rays (disassembler/decompiler); Hopper (disassembler/decompiler); JD-GUI (decompiler); Baksmali (disassembler); info dumping with class-dump-z (classes), nm (symbols) and strings
    – Runtime binary analysis: GDB (debugger); ADB (Android Debug Bridge: device shell, logcat, and pushing tools such as gdbserver onto the device); Introspy (tracer/analyzer); Snoop-It (debugging/tracing, manipulation); Sogeti tools (dump keychain or filesystem, custom ramdisk boot, PIN brute force)
    – Runtime manipulation, code injection, method swizzling, patching: Cydia Substrate (code modification platform: MobileHooker, MobileLoader); Cycript / Cynject; DYLD (dylib injection, e.g. via DYLD_INSERT_LIBRARIES); Theos suite; hex editors
    – Jailbreak detection evasion: xCon, BreakThrough, tsProtector
    – Integrated pen-test toolsets: AppUse (custom "hostile" Android ROM loaded with hooks, ReFrameworker runtime manipulator, reversing tools); Snoop-It (iOS monitoring, dynamic binary analysis, manipulation); iAnalyzer (iOS app decrypting, static/dynamic binary analysis, tampering)
  • 11. Real-Life Android Vulnerabilities
    – Android Java APK reverse engineering: attackers can easily reverse-engineer the binary code (the executable) back to source code, which primes it for code tampering [Video 1]
    – Baksmali code modification: attackers can easily crack open, disassemble (Baksmali) and modify mobile code [Video 2]
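The repackaging path slide 11 describes (disassemble with Baksmali, edit, reassemble) works because the checksum in the DEX file header is a corruption check, not a tamper check: every rebuild tool simply recomputes it. The following added example is not from the slides or from IBM/Arxan; it parses and verifies the DEX header checksum (Adler-32 over everything after the checksum field) on a constructed, non-loadable sample, shows that a one-byte edit of a method name is caught, and then recomputes the checksum the way a repackager would so the edited file verifies again. dex_build_sample and its method-name payload are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets in the DEX file header (header_size is 0x70 bytes). */
#define DEX_MAGIC_OFF     0    /* "dex\n035\0" */
#define DEX_CHECKSUM_OFF  8    /* uint32 LE: Adler-32 of everything after this field */
#define DEX_SIGNATURE_OFF 12   /* 20-byte SHA-1 of everything after it (not checked here) */
#define DEX_FILESIZE_OFF  32
#define DEX_HDRSIZE_OFF   36
#define DEX_ENDIAN_OFF    40
#define DEX_HEADER_SIZE   0x70

static const uint8_t DEX_MAGIC[8] = { 'd', 'e', 'x', '\n', '0', '3', '5', '\0' };

/* Adler-32 exactly as dex (and zlib) compute it. */
uint32_t dex_adler32(const uint8_t *p, size_t n) {
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (a + p[i]) % 65521u;
        b = (b + a) % 65521u;
    }
    return (b << 16) | a;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What a repackaging tool does after editing: recompute the header checksum
   over bytes [12, file_size). Returns 0 on success, -1 if the buffer is too short. */
int dex_fix_checksum(uint8_t *dex, size_t n) {
    if (n < DEX_HEADER_SIZE) return -1;
    put_le32(dex + DEX_CHECKSUM_OFF, dex_adler32(dex + DEX_SIGNATURE_OFF, n - DEX_SIGNATURE_OFF));
    return 0;
}

/* Returns 1 if magic, file_size, header_size and checksum are consistent, else 0. */
int dex_verify(const uint8_t *dex, size_t n) {
    if (n < DEX_HEADER_SIZE) return 0;
    if (memcmp(dex, DEX_MAGIC, sizeof DEX_MAGIC) != 0) return 0;
    if (get_le32(dex + DEX_FILESIZE_OFF) != (uint32_t)n) return 0;
    if (get_le32(dex + DEX_HDRSIZE_OFF) != DEX_HEADER_SIZE) return 0;
    uint32_t want = get_le32(dex + DEX_CHECKSUM_OFF);
    return dex_adler32(dex + DEX_SIGNATURE_OFF, n - DEX_SIGNATURE_OFF) == want;
}

/* Constructed sample: a valid header followed by a fake data section holding one
   method descriptor. It is NOT a loadable DEX; it only exercises the header checks. */
size_t dex_build_sample(uint8_t *out, size_t cap) {
    static const char payload[] = "Lcom/example/app/Login;->checkPin";   /* hypothetical */
    size_t n = DEX_HEADER_SIZE + sizeof payload;
    if (cap < n) return 0;
    memset(out, 0, n);
    memcpy(out, DEX_MAGIC, sizeof DEX_MAGIC);
    put_le32(out + DEX_FILESIZE_OFF, (uint32_t)n);
    put_le32(out + DEX_HDRSIZE_OFF, DEX_HEADER_SIZE);
    put_le32(out + DEX_ENDIAN_OFF, 0x12345678u);
    memcpy(out + DEX_HEADER_SIZE, payload, sizeof payload);
    dex_fix_checksum(out, n);
    return n;
}

/* Walks through pristine -> tampered -> "repackaged". Returns 0 if every step
   behaves as expected, otherwise the number of the step that did not. */
int dex_selftest(void) {
    uint8_t buf[256];
    size_t n = dex_build_sample(buf, sizeof buf);
    if (n == 0 || !dex_verify(buf, n)) return 1;   /* pristine file verifies */
    buf[DEX_HEADER_SIZE + 25] ^= 0x20;             /* checkPin -> CheckPin: one-byte edit */
    if (dex_verify(buf, n)) return 2;              /* header checksum catches it ... */
    dex_fix_checksum(buf, n);                      /* ... until the attacker recomputes it */
    if (!dex_verify(buf, n)) return 3;
    return 0;
}

int main(void) {
    printf("dex self-test: %d (0 = as expected)\n", dex_selftest());
    return 0;
}
```

The consequence for slide 18's "Checksum" guard: an integrity check that the app can be defeated by is worthless, so the reference value has to live somewhere the repackager does not rewrite (baked into a native library, spread across several guards, or held server-side and compared on "phone home"), and it has to cover the code the attacker actually edits, not just the header fields a rebuild tool maintains.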
  • 12. Incorporating Protection Into Your Mobile Application Development Lifecycle
  • 13. Build and Keep It Secure
    Build It Secure
    – Application development: IBM Worklight (build and manage mobile apps)
    – Vulnerability analysis & testing: IBM Security AppScan (identifies vulnerabilities)
    Keep It Secure
    – Application protection, release & deployment: Arxan Application Protection for IBM Solutions (defends, detects & reacts)
    Outcome: a secure and protected application that is free of critical flaws and vulnerabilities and protects itself against attacks
    – Mobile application security risk is real and impacts users and the enterprise
    – Don't procrastinate: be proactive!
  • 14. OWASP Mobile Top 10 Risks. Source: https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks
  • 15. AppScan Vulnerability Analysis (screenshot only)
  • 16. Experts Recommend Protecting Binary Code: consultants, analysts and the OWASP Mobile Top 10 Risks ("Protect Your Binary")
  • 17. Risks Identified with the New AppScan Rules
    New custom rules for AppScan identify key OWASP M10 (Lack of Binary Protections) issues:
    1. Repackaging
    2. Swizzle with behavioral change
    3. Security control bypass
    4. Automated jailbreak breaking
    5. Exposed method signatures
    6. Exposed data symbols
    7. Exposed string tables
    8. Cryptographic key interception
    9. Presentation layer modification
    10. Application decryption
  • 18. A Number of Guards Can Be Leveraged
    Defend against compromise
    – Advanced Obfuscation
    – Encryption
    – Pre-Damage
    – Metadata Removal
    Detect attacks at run-time
    – Checksum
    – Debugger Detection
    – Resource Verification
    – Resource Encryption
    – Jailbreak/Root Detection
    – Swizzling Detection
    – Hook Detection
    React to ward off attacks
    – Shut Down (Exit, Fail)
    – Self-Repair
    – Custom Reactions
    – Alert / Phone Home
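To make the Detect and React groups on slide 18 concrete, here is an added example, not Arxan's Guard implementation and not from the slides, of two run-time checks written in native C for Linux/Android plus a small reaction policy: debugger detection by parsing TracerPid out of /proc/self/status, and inline-hook detection by fingerprinting the prologue bytes of a sensitive function (an inline hook overwrites those bytes with a jump). Assumptions: the fingerprint reference is taken at startup (a shipped build would compute it at build time and store it out of band, otherwise a hook installed before startup goes unnoticed), code pages are readable, and check_pin with its hard-coded PIN is a stand-in for whatever function you actually want to protect.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* FNV-1a over a byte range; used to fingerprint a region of code. */
static uint64_t fnv1a64(const void *p, size_t n) {
    const uint8_t *b = (const uint8_t *)p;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}

/* ---- Detect: debugger attached? (Linux/Android procfs) ---- */

/* Parses the TracerPid field from /proc/self/status text.
   Returns the tracer's pid (0 = not traced) or -1 if the field is absent. */
long parse_tracer_pid(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (!p) return -1;
    return strtol(p + strlen("TracerPid:"), NULL, 10);   /* strtol skips the tab */
}

/* Live value for this process; -1 means "could not tell" (no procfs), which a
   guard should treat as suspicious rather than as clean. */
long tracer_pid(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* ---- Detect: has a function's prologue been patched (inline hook)? ---- */

typedef struct {
    const void *addr;   /* start of the protected function */
    size_t      len;    /* bytes to fingerprint: enough to cover a jump patch */
    uint64_t    ref;    /* expected fingerprint */
} code_guard;

/* ASSUMPTION: reference captured at startup for illustration; a real build
   computes it at build time and stores it out of band. */
code_guard guard_arm(const void *fn, size_t len) {
    code_guard g = { fn, len, fnv1a64(fn, len) };
    return g;
}

int guard_intact(const code_guard *g) {
    return fnv1a64(g->addr, g->len) == g->ref;
}

/* ---- React ---- */
enum reaction { REACT_NONE = 0, REACT_ALERT = 1, REACT_EXIT = 2 };

/* Policy: a patched function is always fatal; an attached debugger is reported
   (alert / phone home) but tolerated unless strict mode is on. */
enum reaction guard_decide(int code_intact, long tracer, int strict) {
    if (!code_intact) return REACT_EXIT;
    if (tracer != 0) return strict ? REACT_EXIT : REACT_ALERT;
    return REACT_NONE;
}

/* Hypothetical function worth protecting (toy PIN, constructed for the example). */
int check_pin(const char *pin) {
    return strcmp(pin, "4711") == 0;
}

/* Arms the guard on check_pin, then simulates a hook on a writable copy of its
   prologue. Returns 0 if the guard behaves as expected, else the failing step. */
int guard_selftest(void) {
    code_guard g = guard_arm((const void *)check_pin, 16);   /* fn ptr -> data ptr: fine on GCC/Clang */
    if (!guard_intact(&g)) return 1;                         /* untouched code passes */
    uint8_t copy[16];
    memcpy(copy, (const void *)check_pin, sizeof copy);
    code_guard h = guard_arm(copy, sizeof copy);
    copy[0] ^= 0xFF;                                         /* first byte overwritten, as a JMP patch would */
    if (guard_intact(&h)) return 2;                          /* patched prologue is detected */
    return 0;
}

/* One full detect -> react cycle on the live process. */
int guard_run(int strict) {
    code_guard g = guard_arm((const void *)check_pin, 16);
    return guard_decide(guard_intact(&g), tracer_pid(), strict);
}

int main(void) {
    int r = guard_run(0);
    printf("selftest=%d tracer=%ld reaction=%d\n", guard_selftest(), tracer_pid(), r);
    return r == REACT_EXIT ? 1 : 0;
}
```

On Android these checks belong in a JNI library rather than in Java, where a swizzle or a Frida hook would simply replace them. A single guard is also a single point of failure: an attacker who finds guard_decide can patch it to return REACT_NONE, which is why slide 21's "multi-layer Guard network" has guards verifying each other and why the reaction should not be an obvious, easily NOP'd exit call.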
  • 19. AppScan / Arxan Integration (diagram only)
  • 20. Arxan® + IBM AppScan® Solution Components
    1. Technical guide: how to integrate IBM Security AppScan® and Arxan into the SDLC and use them in conjunction. Benefit: control the full scope of risks and build in security from testing through run-time protection.
    2. Augmented IBM Security AppScan® rules: custom scan configuration for AppScan to better identify app integrity risks. Benefit: informs the protections required against app integrity attacks, which can compromise even "flawless" code.
    3. Usage of Arxan protection tools: informs the creation of an Arxan GuardSpec based on the AppScan-aided integrity risk assessment, supplemented by manual analysis. Benefit: design and implement "defend", "detect" and "react" app integrity protections inside your app without modifying its source code.
    4. Tested and validated: demonstration with a sample app. Benefit: helps ensure interoperability and support.
  • 21. Why Arxan?
    – "Gold standard" protection strength: multi-layer Guard network; static and run-time Guards; customizable to your application; automated randomization for each build
    – No disruption to the SDLC or source code, thanks to binary-based Guard injection
    – Cross-platform support: more than 7 mobile platforms alone
    – Proven: protected apps deployed on over 300 million devices; hundreds of customers across the Fortune 500
    – Unique IP ownership: 10+ patents
    – Integrated with other IBM security and mobility solutions
  • 22. Additional Resources
    – Webinar: How to Protect Worklight Apps with Arxan from IBM. Date: Thursday, September 4 (2014), 11 AM EDT (15:00 UTC; the slide lists it as 4 PM GMT, which corresponds to 4 PM British Summer Time). Register: http://www.arxan.com/resources/arxan-and-ibm-app-protection-webinars/
    – Arxan/IBM white paper: Securing Mobile Apps in the Wild. http://www.arxan.com/securing-mobile-apps-in-the-wild-with-app-hardening-and-run-time-protection/
  • 23. Additional Resources
    – Contact your IBM representative or email IBM@Arxan.com for more information
    – Webinar participants are eligible for a free evaluation of Arxan Application Protection software, now offered as part of IBM's security portfolio
  • 24. Thank You!
    – Tom Mulvehill, IBM Product Management, tom.mulvehill@us.ibm.com
    – Will Frontiero, IBM Software Engineering, wfronti@us.ibm.com
    – Jonathan Carter, Arxan Technical Director, jcarter@arxan.com