Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Mobile Devices

Avatar for Daiane Santos Daiane Santos
September 14, 2024
1
21

Securing Mobile Devices

Mind the Sec 2023
Avatar for Daiane Santos

Daiane Santos

September 14, 2024
Tweet

More Decks by Daiane Santos

See All by Daiane Santos
A Journey into Mobile Malwares
Avatar for Daiane Santos daianesantos
1
100
Mobile Malwares: how to avoid them
Avatar for Daiane Santos daianesantos
1
19
Pegasus Spyware, a analysis
Avatar for Daiane Santos daianesantos
1
170
Mobile Malwares
Avatar for Daiane Santos daianesantos
1
7
Bypassing APK Protections
Avatar for Daiane Santos daianesantos
1
28
Mobile Hacking
Avatar for Daiane Santos daianesantos
1
33
Bypassing Mobile Protections
Avatar for Daiane Santos daianesantos
1
17
CTF - From 0 to Hero
Avatar for Daiane Santos daianesantos
1
86
GDPR e LGPD: O que eu tenho a ver?
Avatar for Daiane Santos daianesantos
2
310

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
24
2.7k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.6k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
28
5.3k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
177
9.7k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
94
13k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.3k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
21k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
12k

Transcript

  1. None

  2. Securing Mobile Devices Daiane Santos

  3. Agenda Common Mobile Vulnerabilities OWASP Top 10 Mobile Securing Mobile

    Apps Obfuscation Secure Coding 01 02 03 04 05

  4. $whoami Autist - AH/SD Mobile Security Engineer @ Nubank CTF

    Player and Captain @ RATF Neuroscience and Astronomy enthusiast

  5. Common Mobile Vulnerabilities

  6. OWASP Top 10 M1: Improper Platform Usage M2: Insecure Data

    Storage M3: Insecure Communication M4: Insecure Authentication M5: Insufficient Cryptography M6: Insecure Authorization M7: Client Code Quality M8: Code Tampering M9: Reverse Engineering M10: Extraneous Functionality

  7. Unauthorized access and fraud; Intelectual property theft; Trust damaged; Negative

    end-user experiences; Negative, potentially permanent impact on the brand’s reputation; Ongoing financial losses; Privacy related and confidencial/sensitive data theft. Business Impact

  8. How do I know if I'm vulnerable?

  9. Can someone code-decrypt your app?

  10. Can someone reverse engineer this app with automated tools?

  11. How to Secure Mobile Devices

  12. Source Code Encryption Penetration Tests Secure the Data-in-transit Database Encryption

    Cryptography 1. 2. 3. 4. 5.

  13. 6. High-level Authentication 7. Secure the Backend 8. Minimize Storage

    of Sensitive Data 9. Be careful with Third-Party Services

  14. GENERAL REMOTE ATTESTATION INTEGRITY CHECKS ROOT DETECTION DEVICE BINDING SSL

    PINNING EMULATOR DETECTOR RESOURCES ENCRYPTION INTEGRITY CHECKS ANTI-TEMPERING APPLICATION CODE ENCRYPTION CODE OBFUSCATION ANTI-HOOK ANTI-TEMPERING CODE

  15. Obfuscation

  16. None
  17. None
  18. None
  19. None
  20. None

  21. Secure Coding Best practices according to each programming language Map

    security requirements at the beginning of the project Include SAST and DAST tools, and a Vulnerability Management process

  22. References OWASP Mobile Top 10 Mobile Testing Guide Secure Coding

    Practices

  23. Thank you! If you have any questions, please feel free

    to contact me!