Paweł Jakub Dawidek: Zarządzanie danymi wrażliwymi w aplikacjach - analiza bezpieczeństwa platform mobilnych.

•

0 gefällt mir•727 views

Prezentacja pokaże historyczny rozwój platform mobilnych na przykładzie naszego doświadczenia z użycia technologii mobilnych w bankowości elektronicznej/mobilnej oraz przeanalizuje i porówna bezpieczeństwo platform mobilnych.

Mobil

in 2004 we start a company
(Wheel Systems)
after 12 years... mission not yet fully accomplished,
but really soon now
in 2005 we deploy CERB (corporate
version) for the first time
our mission:
eliminate static passwords!
our product: authentication system
(CERB) which uses mobile application
as one-time password generator
it is 2004, so the name for the app is
obvious: JavaToken
in 2007 we deploy CERB
Banking in Eurobank
in 2013 we launch Mobter

JavaToken
Can run on (almost) any Java phone
Implements AES, SHA256
Fits easily into 30kB limit

no SSL/TLS (no secure transport)
no AppStore, no Google Play
no applications signing
no secure updates
internet communication only during installation
no PIN to unlock your phone, no TouchID, etc.
not enough power to harden PIN
no full disk encryption
30kB application size limit

.jar contains a secret encrypted using activation code
application built-in secret
dedicated .jar for every customer
activation code provided in bank outpost
unpredictable URL send via WAP-Push or SMS (no access for bank’s employees)
start identifier
challenge compression (9 digits)
no local PIN verification (a playing card hint, 6.25%, 625)

application isolation
much more secure installation process
mobile OSes designed for single user
separation between applications
autonomous platform (problem when compromised)
native apps allow for better security than web sites (eg. certificate pinning)

Android fragmentation problem
(two dimensions)

much harder and longer to update for security fixes
Android customized by hardware vendors and mobile operators
much slower adoption for new security features
various security features not available for all hardware vendors

Weitere ähnliche Inhalte

Ähnlich wie Paweł Jakub Dawidek: Zarządzanie danymi wrażliwymi w aplikacjach - analiza bezpieczeństwa platform mobilnych.

Security Best Practices for Mobile Development

Salesforce Developers

Nano S O A

diongillard

Canopy SF Home Automation Meetup Slides 10/14/2014

gregulator

Originally Recorded March 18, 2020 DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn: + The most popular tools and integrations to automate and scale your pipeline + How and where mobile DevSecOps differs from web + Where to apply dynamic and interactive application security testing to speed app delivery

From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture

NowSecure

What is Codename One - Transcript.pdf

ShaiAlmog1

Most mobile apps today are built using traditional desktop tools. These tools are complex, need to be downloaded, installed, frameworks configured, and lack real-time collaboration. To build mobile apps fast, to stay ahead, and innovate in the enterprise, developers need new tools to create mobile apps. The new tools are running entirely in the cloud, offer real time collaboration, sharing, and connections to cloud APIs. In this live coding session attendees will learn about Appery.io platform, and how to build a mobile app connected cloud APIs. Creating re-usable API plug-ins will be shown as well. Attendees will be able to test the app on their phones as its being built.

Wolters Kluwer Tech. Conference: Disrupting Mobile Development

Max Katz

We specialized in information and network security services industry. Our strong leadership and passion for information security helped us build unique portfolio of service. We bring cutting-edge information security products in association with our global partners, early adoption of best practices and quality standards helps us deliver excellence. PROFESSIONAL TEAM Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients. When you choose us, our team interacts with you on a personalized level and offers you complete guidance with reference to your queries and requests. CUTTING EDGE PRODUCTS Forensic Software & Solutions Proactive Forensic Solution Universal Second Factor Authentication WebPurifier – Web Filter Traffic Compression and Secured Connection IT Protection, Antivirus & Firewall TSCM Product TAILORED SERVICES Research & Development Reverse Engineering Programming: C/C++ and other languages System, Data network, Remote Access management Distributed Solution Virtualization

We don’t panic.

WJN

Srs of skype

Anuj Singh

Fixing Security by Fixing Software Development Using Continuous Deployment Do you have an effective release cycle? Is your process long and archaic? Long release cycle are typically based on assumptions we haven't seen since the 1980s and require very mature organizations to implement successfully. They can also disenfranchise developers from caring or even knowing about security or operational issues. Attend this session to learn more about an alternative approach to managing deployments through Continuous Deployment, otherwise known as Continuous Delivery. Find out how small, but frequent changes to the production environment can transform an organization’s development process to truly integrate security. Learn how to get started with continuous deployment and what tools and process are needed to make implementation within your organization a (security) success.

Fixing security by fixing software development

Nick Galbreath

Global IoT Cloud Services Survey-Aug-20160527

August Lin

Con8902 developing secure mobile applications-final

OracleIDM

Securing and Scaling SaaS

guest05bda0

SOTP_Introduction

Johnson Wu

[Rakuten TechConf2014] [Fukuoka] Case Study of Financial Web Systems Developm...

Rakuten Group, Inc.

Faster Secure Software Development with Continuous Deployment - PH Days 2013

Nick Galbreath

Mobile application development is getting competitive with lots of new products and platforms. What makes it more competitive is that the client stresses on aggressive timelines. Most of the customers expect their mobile application to come live in weeks rather than months, as they know that delay of each day means their competitor will be catching up. Therefore, the customers would prefer a rapid mobile application development, which, at same time, do not compromise on security and features. And hence, the mobile solution vendors and developers are looking for ways to accelerate the mobile application design and development to meet the aggressive timelines. This paper explains how Oracle MAF and Oracle Mobile Cloud Service, the two latest Oracle technologies, help in accelerating mobile application development. It focuses on how RapidValue has implemented mobile applications using the Oracle Mobile Application Framework (MAF).

How Oracle Mobile Cloud and Oracle MAF can Acccelerate Mobile Application Dev...

RapidValue

Top 10 Security Concerns of Windows Mobile (and how to Overcome them)

jasonlan

Mobile Store

Yasmin Jass

Mobile application development is getting competitive with lots of new products and platforms. What makes it more competitive is that the client stresses on aggressive timelines. Most of the customers expect their mobile application to come live in weeks rather than months, as they know that delay of each day means their competitor will be catching up. Therefore, the customers would prefer a rapid mobile application development, which, at same time, do not compromise on security and features. And hence, the mobile solution vendors and developers are looking for ways to accelerate the mobile application design and development to meet the aggressive timelines. This paper explains how Oracle MAF and Oracle Mobile Cloud Service, the two latest Oracle technologies, help in accelerating mobile application development. It focuses on low RapidValue has implemented mobile applications using the Oracle Mobile Application Framework (MAF).

How Oracle MAF & Oracle Mobile Cloud can Accelerate Mobile App Development - ...

RapidValue

02 BlackBerry Application Development

Arief Gunawan

Ähnlich wie Paweł Jakub Dawidek: Zarządzanie danymi wrażliwymi w aplikacjach - analiza bezpieczeństwa platform mobilnych. (20)

Security Best Practices for Mobile Development

Nano S O A

Canopy SF Home Automation Meetup Slides 10/14/2014

From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture

What is Codename One - Transcript.pdf

Wolters Kluwer Tech. Conference: Disrupting Mobile Development

We don’t panic.

Srs of skype

Fixing security by fixing software development

Global IoT Cloud Services Survey-Aug-20160527

Con8902 developing secure mobile applications-final

Securing and Scaling SaaS

SOTP_Introduction

[Rakuten TechConf2014] [Fukuoka] Case Study of Financial Web Systems Developm...

Faster Secure Software Development with Continuous Deployment - PH Days 2013

How Oracle Mobile Cloud and Oracle MAF can Acccelerate Mobile Application Dev...

Top 10 Security Concerns of Windows Mobile (and how to Overcome them)

Mobile Store

How Oracle MAF & Oracle Mobile Cloud can Accelerate Mobile App Development - ...

02 BlackBerry Application Development

Mehr von Mobile Trends

#MTC2019: Ludzka twarz bankowości - zastosowanie asystentów głosowych w sekto...

Mobile Trends

#MTC2019: Dobrze zaprojektowane ubezpieczenie dla rodzin. Case study Link4 ma...

Mobile Trends

#MTC2019: Podróżowanie w prostej taryfie i bez zbędnego bagażu. Case study z ...

Mobile Trends

#MTC2019: MEMerytura - czyli jak komunikować potrzebę oszczędzania osobom żyj...

Mobile Trends

#MTC2019: Design system - jak pomaga bankom? - Piotr Dziadowicz (EDISONDA)

Mobile Trends

#MTC2019: Czy bank może zrozumieć e-commerce? - Jadwiga Kijak (Mobee Dick)

Mobile Trends

#MTC2019: Ewolucja mobilnej bankowości ING - jak podejmować decyzje biznesowe...

Mobile Trends

#MTC2019: Dlaczego młodzi nie skorzystają z Twojej aplikacji? Nie, to nie jes...

Mobile Trends

#MTC2019: Autopay w Banku Millennium - czy aplikacje bankowe staną się wkrótc...

Mobile Trends

#MTC2019: Jasnopisanie w bankowości - rzecz o tym jak być zrozumiałym - Włodz...

Mobile Trends

#MTC2019: Bank w kieszeni - jak startupy i technologia okradają sektor finans...

Mobile Trends

#MTC2019: Wyścig zbrojeń PSD2 – krótka historia tego, jak świat walczy o Twoj...

Mobile Trends

#MTC2019: Otwarta bankowość, VAS-y - trendy rynkowe vs oczekiwania klientów -...

Mobile Trends

#MTC2019: Co ma apka do kurczaka - Marek Michalski (Grupa WM)

Mobile Trends

#MTC2019: Jak połączyć wymagania biznesowe i wymagania użytkowników końcowych...

Mobile Trends

#MTC2019: Nie tylko smartfon: nowe przykłady użycia dla Androida - Nadia Ait ...

Mobile Trends

#MTC2019: Voice Commerce - kiedy użytkownicy i ecommerce będą gotowi na głoso...

Mobile Trends

Interfejsy konwersacyjne zdobywają coraz większą popularność, a użytkownicy już teraz oczekują natychmiastowej i naturalnej komunikacji. Jak firmy mogą odpowiedzieć na ich potrzeby? Dołączając do tej sesji usłyszycie, jak marki mogą wejść w dialog ze swoimi klientami, wykorzystując technologię Asystenta Google. Prelekcja wygłoszona podczas Mobile Trends Conference, 7-8 marca 2019 r. w Krakowie.

#MTC2019: Dialog z klientem w Erze Asystentów - Michal Dlugosz (Google)

Mobile Trends

#MTC2019: Mobile (jeszcze bardziej) first! PWA jako wyzwanie UX - Filip Makow...

Mobile Trends

W 2018 roku w Banku Zachodnim WBK przechodziliśmy wiele zmian, z których największy wpływ na rozwój aplikacji mobilnej miały: zmiana marki na Santander Bank Polska S.A. oraz transformacja agile. Podczas prezentacji opowiem, jak wykorzystaliśmy tę szansę do dostarczenia naszym klientom odświeżonej i zoptymalizowanej wersji aplikacji mobilnej. Prelekcja wygłoszona podczas Mobile Trends Conference, 7-8 marca 2019 r. w Krakowie.

#MTC2019: Jak wykorzystać zmianę marki do wytyczenia nowego kierunku w rozwoj...

Mobile Trends

Mehr von Mobile Trends (20)