© 2015 IBM Corporation

The 411 on Mobile Application Security Testing and Runtime Protection for iOS Applications
Eitan Worcel, IBM Application Security on Cloud
Chris Stahly, Arxan Director Application Protection Services

IBM Mobile Security Framework
[Framework diagram. Columns: Enterprise Applications and Cloud Services; Identity, Fraud, and Data Protection; Personal and Consumer; Enterprise; DATA]
• Device Security: provision, manage and secure corporate and BYOD devices
• Content Security: secure enterprise content access and sharing
• Application Security: develop vulnerability free, tamper proof and risk aware applications
• Transaction Security: prevent & detect high risk mobile transactions from employees, customers and partners
• Device as ID: Mobile Identity Platform
• Security Intelligence: a unified architecture for integrating mobile security information & event management (SIEM), log management, anomaly detection, and configuration & vulnerability management

Agenda
Mobile App Sec
• Exploring Mobile App Vulnerabilities
• Mobile Security Overview
iOS Mobile App Sec
• Exploring iOS vulnerabilities & attacks
• Protection Approaches
• Application Testing Demo
Additional Resources

X-Force Mobile Vulnerability Findings
• December 2013: Android Fragment Injection. A set of vulnerabilities exposed by Mobile Analyzer; research leading to the discovery of a new Android vulnerability class.
• March 2014: Firefox vulnerability. Overtaking Firefox profiles, identified by Mobile Analyzer; disclosed and fixed.
• July 2014: Android KeyStore vulnerability. Stack buffer overflow.
• August 2014: Apache Cordova vulnerability. 10% of Android banking apps potentially vulnerable.
• February 2015: Dating apps vulnerabilities. Mobile Analyzer identified medium to high vulnerabilities in over 60% of the top dating apps.
• August 2015: Android Serialization vulnerability. Over 55 percent of Android phones are at risk; the vulnerability gives underprivileged apps super status.
• April 2015: Deobfuscating iOS Kernel Pointers vulnerability. Information leak vulnerability in iOS which can be used to defeat the kernel address obfuscation mechanism available since iOS 6.

Mobile Security Overview

Web Apps Run in a Browser
[Diagram: browser, Internet, web apps, database]

Mobile Apps Run on the Phone and are Supported by Mobile Services
[Diagram: phone, Internet, mobile services, database]

Testing Mobile Apps is Different from Testing Web Apps
• We know how to pen test our networks
• We know how to pen test web apps/services
• The app running on the device is the new area where we need to focus

Mobile Applications Have a Different Threat Model
[Diagram contrasting the two models]
• Web apps: application logic and temporary storage live behind the web app; JavaScript is sandboxed in the browser; threat: malicious site
• Mobile apps: application logic and temporary storage live on the device; JavaScript can access device features; traffic crosses the carrier and the Internet to mobile services / application services; threats: malicious site, malicious apps, attacker with root

iOS Mobile App Sec

iOS Security Controls
Why should we trust the OS?
– Code signing
– Anti arbitrary code execution policies
  • ASLR
  • Memory pages marked W^X (writable XOR executable)
  • Stack canaries
– Sandboxing
– App encryption

Circumventing iOS Controls
Jailbreaking
– Remove iOS controls
– Gain root access
– Custom kernel
– Privilege escalation

Apple’s Threat Modeling
Attacks on System Integrity
– Attacks on system integrity […] modify the system in such a way that it can no longer be trusted. […] the attacker might be able to:
  • Execute malicious code
  • Impersonate a user or server
  • Repudiate an action
– Source: https://developer.apple.com/library/ios/DOCUMENTATION/Security/Conceptual/Security_Overview/ThreatModeling/ThreatModeling.html

Jailbreak History
• iPhone 1.0 (June 29th 2007) – jailbroken July 10th 2007
• 4.3.2 – redsn0w 0.9.11x (April 2011)
• 4.3.3 – jailbreakme.com remote jailbreak (July 2011)
• 5.1.1 – absinthe 2.0.x (May 2012)
• 6.1 – evasi0n (January 30 2013)
• 7.0 – evasi0n7 (December 2013)
• 7.1 – Pangu (June 23 2014)
• 8.1 – Pangu (January 2015)
• 9.0 – Pangu (October 2015)

iOS Recent Attacks
Nobody is safe: Major App Store malware breach may affect millions of iPhone users
“A substantial security threat called XcodeGhost managed to fool App Store security and sneak into the App Store inside real App Store apps potentially affecting hundreds of millions of iPhone and iPad users on both stock and jailbroken devices.”
Key Raider — Another iOS malware steals account info and more
“Malicious code surreptitiously included with Cydia apps [has] pilfered account data…disabled some infected phones until users pay a ransom, and…made unauthorized charges against some victims’ accounts.”
Flaws in OS X, iOS Allow Malicious Apps to Steal Passwords, Other Data
“In a paper titled “Unauthorized Cross-App Resource Access on MAC OS X and iOS,” researchers demonstrated that cross-app resource access (XARA) attacks are possible on Apple’s operating systems, allowing malicious applications to steal passwords and other sensitive data from other programs.”

Anatomy of Attacks on iOS Mobile App
Reverse-engineering app contents:
1. Decrypt the mobile app (iOS apps)
2. Open up and examine the app
3. Create a hacked version: extract and steal confidential data; create a tampered, cracked or patched version of the app
4. Distribute app: release / use the hacked app; use malware to infect/patch the app on other devices

Tools for Hacking are Found Everywhere
Category – Example Tools (Platform/Target)
• Mobile decryption, unpacking & conversion – Clutch (iOS); APKTool (Android); Dex2jar (Android)
• Static binary analysis: disassembly, decompilation, info dumping – IDA Pro & Hex-Rays (Linux, Mac OS, Windows); Hopper (iOS, Linux, Mac OS, Windows); JD Project (Java); baksmali (Android / Java); class-dump-z (iOS, Linux, Mac OS, Windows); nm (Windows / .obj, .lib); Strings (Windows / UNICODE)
• Runtime binary analysis: debugging, tracing – GDB (Windows, UNIX / C, C++, Obj-C & more); ADB (Android); Introspy-Android, Introspy-iOS (Android, iOS); Sogeti ESEC Lab (Android)
• Runtime manipulation, code injection, method swizzling, patching – Cydia Substrate (Android, iOS); Cycript (iOS, Mac OS); DYLD (Mac OS); Theos suite (iOS); Hex Editors (everything); CheatEngine (Windows)
• Jailbreak detection evasion – xCon, tsProtector (iOS)
What do these tools allow?
– Decrypt iOS apps
– Modify data in-memory
– Modify data on disk
– Inject custom code
– Change existing code
– Read network traffic
– Manipulate network traffic
– Bypass jailbreak detections

IDA Example
[Screenshot of an IDA disassembly of an app binary]

Protection Approaches

Mobile Application Security
• Static Analysis of Source Code – IBM AppScan Source / IBM MobileFirst Application Scanning
• Dynamic Analysis of Back End Calls – IBM AppScan Standard
• Interactive Analysis of Mobile App – IBM Application Security on Cloud
• Hardening of Binary Code – Arxan Application Protection for IBM Solutions
[IBM Mobile Application Security Framework diagram, as on the framework slide above: Security Intelligence; Enterprise Applications and Cloud Services; Identity, Fraud, and Data Protection; Content, Application, Transaction and Device Security; Personal and Consumer / Enterprise data]

Obfuscation: Confuse the Hacker
• Dummy Code Insertion
• Instruction Merging
• Block Shuffling
• Function Inlining
• … and More!
[Figure: code before obfuscation (“Turns this”) and after (“into this …”)]

Preventing Reverse Engineering: Other Techniques
• Method Renaming
• String Encryption
• … and More!
[Figure: a string search on the protected binary returns “String not found”]

Preventing Tampering: Common Techniques
• Jailbreak Detection – Am I on a jailbroken device?
• Checksum – Has the binary changed?
• Method Swizzling Detection – Is someone hijacking my code?
• Debug Detection – Is a debugger running?
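As an added example (not from the deck, and not IBM or Arxan code), the following Python build-time check covers two of the slides above: it reads a Mach-O header to report whether an app opts into the OS controls listed under “iOS Security Controls” (PIE so ASLR can relocate the image, no executable stack for W^X, a stack-protector reference, and FairPlay encryption of the code on disk), and it hashes the __TEXT segment as the baseline for the “Checksum – Has the binary changed?” control. The sample binary is constructed inline; the constants are the public values from <mach-o/loader.h>, and the stack-canary check is a string heuristic rather than a symbol-table walk.

```python
"""Build-time checks on an iOS app binary (added example, not from the deck).

Reads the Mach-O header to see which OS controls the app opts into, and
hashes the __TEXT segment as a baseline for the "has the binary changed?"
checksum control. The sample binary below is constructed, not a real app.
Constants are the public values from <mach-o/loader.h>."""
import hashlib
import struct

MH_MAGIC_64 = 0xFEEDFACF              # little-endian 64-bit Mach-O (arm64)
MH_EXECUTE = 2
CPU_TYPE_ARM64 = 0x0100000C
MH_PIE = 0x200000                     # position-independent: ASLR can move the image
MH_ALLOW_STACK_EXECUTION = 0x20000    # if set, the stack is not W^X
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C          # cryptid != 0: FairPlay-encrypted on disk
CANARY_SYMBOL = b"___stack_chk_fail"  # referenced when built with -fstack-protector
HEADER_SIZE = 32


def build_sample(pie, cryptid, canary, text_bytes):
    """Construct a minimal arm64 Mach-O executable (constructed test input)."""
    seg_size, enc_size = 72, 24
    fileoff = HEADER_SIZE + seg_size + enc_size      # __TEXT follows the load commands
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, seg_size, b"__TEXT",
                      0x100000000, len(text_bytes), fileoff, len(text_bytes),
                      5, 5, 0, 0)                    # maxprot/initprot r-x, no sections
    enc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, enc_size,
                      fileoff, len(text_bytes), cryptid, 0)
    cmds = seg + enc
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         2, len(cmds), MH_PIE if pie else 0, 0)
    # Stand-in for the string table that would carry the canary symbol name.
    tail = (b"\x00" + CANARY_SYMBOL + b"\x00") if canary else b""
    return header + cmds + text_bytes + tail


def inspect_macho(data):
    """Parse a thin arm64 Mach-O and report the controls it opts into."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, flags, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (fat and 32-bit not handled)")
    report = {
        "pie": bool(flags & MH_PIE),
        "stack_executable": bool(flags & MH_ALLOW_STACK_EXECUTION),
        "encrypted": None,                    # None: no LC_ENCRYPTION_INFO_64 seen
        "stack_canary": CANARY_SYMBOL in data,  # heuristic, like running `strings`
        "text_sha256": None,
    }
    off = HEADER_SIZE
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("load commands run past end of file")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            (segname,) = struct.unpack_from("<16s", data, off + 8)
            fileoff, filesize = struct.unpack_from("<QQ", data, off + 40)
            if segname.rstrip(b"\x00") == b"__TEXT":
                if fileoff + filesize > len(data):
                    raise ValueError("__TEXT segment runs past end of file")
                report["text_sha256"] = hashlib.sha256(data[fileoff:fileoff + filesize]).hexdigest()
        elif cmd == LC_ENCRYPTION_INFO_64:
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", data, off + 8)
            report["encrypted"] = cryptid != 0
        off += cmdsize
    return report


def missing_controls(report):
    """Which of the deck's 'why trust the OS' controls this binary does not opt into."""
    gaps = []
    if not report["pie"]:
        gaps.append("no MH_PIE: ASLR cannot randomize the image base")
    if report["stack_executable"]:
        gaps.append("MH_ALLOW_STACK_EXECUTION set: stack is not W^X")
    if not report["stack_canary"]:
        gaps.append("no ___stack_chk_fail reference: built without stack protector")
    if not report["encrypted"]:
        gaps.append("not FairPlay-encrypted (cryptid 0): plaintext code on disk")
    return gaps


def tampered(baseline_report, candidate_data):
    """Checksum control from the 'Preventing Tampering' slide: has __TEXT changed?"""
    return inspect_macho(candidate_data)["text_sha256"] != baseline_report["text_sha256"]


if __name__ == "__main__":
    code = bytes(range(64))                       # constructed stand-in for machine code
    good = build_sample(pie=True, cryptid=1, canary=True, text_bytes=code)
    weak = build_sample(pie=False, cryptid=0, canary=False, text_bytes=code)
    print("good:", missing_controls(inspect_macho(good)))
    print("weak:", missing_controls(inspect_macho(weak)))
    patched = bytearray(good)
    patched[HEADER_SIZE + 96 + 10] ^= 0xFF        # flip one byte inside __TEXT
    print("patched binary detected:", tampered(inspect_macho(good), bytes(patched)))
```

On a real app the baseline digest would be computed at build time and compared against the running image; this check only shows the comparison logic, not where to store the reference securely.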

Security Layers
[Diagram of the protection layers]

DEMO

Additional Resources

Learn More about Mobile Application Security Testing on Cloud
Replay recent webinars
• Oct 20th - Making the Case for Application Security Testing on Cloud
• Nov. 3rd - Protecting Mission-Critical Source Code from AppSec Vulnerabilities
Read the blogs
• AppSec Testing on Cloud and the Future of Penetration Testing
• A Lever to Move the World: Automating AppSec Testing in the Cloud
• Protecting Your Apps at Runtime
View the infographic
• Case Closed with IBM AppSec on Cloud
View the YouTube video
• Identify and Remediate Application Security Vulnerabilities Effectively
Visit the web page
• Cloud Marketplace

Free Evaluation of “Arxan Application Protection for IBM Solutions”
Now offered as part of IBM’s Security Portfolio
Your Next Steps to Protecting Your Apps
Curious how your app binary is exposed to hacking? Get a free assessment of your app’s binary exposures in 9 categories.

QUESTIONS
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security
