SlideShare a Scribd company logo

United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing Security Risk in Mobile Applications

Tyler Shields
Tyler Shields
TechnologyBusiness
1 of 42
• • • •
• • • • • •
• ‣ ‣ ‣
• • •
• ‣ ‣ ‣ •
• •
•
• • ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣
• • •
• • •
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• ‣ ‣ • ‣
• • ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣
• ‣ ‣ ‣ •
• • • •
• • ‣ ‣ ‣ ‣
•
• ‣ •
• ‣ • ‣ ‣
•
• ‣ ‣ •
• • • ‣ ‣
• • ‣ ‣ • ‣
• • ‣ ‣ ‣
• final double amount = Float.valueOf(amountInput.getText().toString()); final String currency = "USD"; final String companyId = "your-company-id-here"; final String companyPassword = "your-company-password-here"; final String messageId = "your-message-id-here"; final String settlementId = "your-settlement-id-here";
• • ‣ • •
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing Security Risk in Mobile Applications

Recommended

Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandTyler Shields
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Tyler Shields
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile DeviceTyler Shields
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora PitfallTyler Shields
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesTyler Shields
 
Del Garabateo A La Escritura Convencional
Del Garabateo A La Escritura ConvencionalDel Garabateo A La Escritura Convencional
Del Garabateo A La Escritura Convencionalguest57e31527
 

Recommended

Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandTyler Shields
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Tyler Shields
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile DeviceTyler Shields
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora PitfallTyler Shields
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesTyler Shields
 
Del Garabateo A La Escritura Convencional
Del Garabateo A La Escritura ConvencionalDel Garabateo A La Escritura Convencional
Del Garabateo A La Escritura Convencionalguest57e31527
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxTyler Shields
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesTyler Shields
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesTyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application BackdoorsTyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityTyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More ProblemsTyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyTyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerTyler Shields
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksTyler Shields
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareTyler Shields
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTyler Shields
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesTyler Shields
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRTyler Shields
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingTyler Shields
 

More Related Content

More from Tyler Shields

Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxTyler Shields
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesTyler Shields
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesTyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application BackdoorsTyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityTyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More ProblemsTyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyTyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerTyler Shields
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksTyler Shields
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareTyler Shields
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTyler Shields
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesTyler Shields
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRTyler Shields
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingTyler Shields
 

More from Tyler Shields (20)

Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
 
GovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The BerriesGovCert.NL - The Monkey Steals The Berries
GovCert.NL - The Monkey Steals The Berries
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIR
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-Debugging
 

United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing Security Risk in Mobile Applications

  • 1.
  • 2.
  • 4.
  • 5.
  • 6.
  • 7. • • • • •
  • 8. ‣ ‣ ‣
  • 10.
  • 11. ‣ ‣ ‣ •
  • 13.
  • 14.
  • 15. • • ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣
  • 16.
  • 19. • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
  • 20. ‣ ‣ • ‣
  • 21. • • ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣ ‣
  • 22.
  • 23. ‣ ‣ ‣ •
  • 24.
  • 26. • • ‣ ‣ ‣ ‣
  • 27.
  • 28. ‣ •
  • 29.
  • 30.
  • 31. ‣ • ‣ ‣
  • 32.
  • 33. ‣ ‣ •
  • 34.
  • 35. • • • ‣ ‣
  • 36. • • ‣ ‣ • ‣
  • 37.
  • 38. • • ‣ ‣ ‣
  • 39. final double amount = Float.valueOf(amountInput.getText().toString()); final String currency = "USD"; final String companyId = "your-company-id-here"; final String companyPassword = "your-company-password-here"; final String messageId = "your-message-id-here"; final String settlementId = "your-settlement-id-here";
  • 40.
  • 41. • • ‣ • •