Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Mobile Devices

Daiane Santos
September 14, 2024
16

Securing Mobile Devices

Mind the Sec 2023

Daiane Santos

September 14, 2024
Tweet

Transcript

  1. Agenda Common Mobile Vulnerabilities OWASP Top 10 Mobile Securing Mobile

    Apps Obfuscation Secure Coding 01 02 03 04 05
  2. $whoami Autist - AH/SD Mobile Security Engineer @ Nubank CTF

    Player and Captain @ RATF Neuroscience and Astronomy enthusiast
  3. OWASP Top 10 M1: Improper Platform Usage M2: Insecure Data

    Storage M3: Insecure Communication M4: Insecure Authentication M5: Insufficient Cryptography M6: Insecure Authorization M7: Client Code Quality M8: Code Tampering M9: Reverse Engineering M10: Extraneous Functionality
  4. Unauthorized access and fraud; Intelectual property theft; Trust damaged; Negative

    end-user experiences; Negative, potentially permanent impact on the brand’s reputation; Ongoing financial losses; Privacy related and confidencial/sensitive data theft. Business Impact
  5. 6. High-level Authentication 7. Secure the Backend 8. Minimize Storage

    of Sensitive Data 9. Be careful with Third-Party Services
  6. GENERAL REMOTE ATTESTATION INTEGRITY CHECKS ROOT DETECTION DEVICE BINDING SSL

    PINNING EMULATOR DETECTOR RESOURCES ENCRYPTION INTEGRITY CHECKS ANTI-TEMPERING APPLICATION CODE ENCRYPTION CODE OBFUSCATION ANTI-HOOK ANTI-TEMPERING CODE
  7. Secure Coding Best practices according to each programming language Map

    security requirements at the beginning of the project Include SAST and DAST tools, and a Vulnerability Management process