© Copyright 2017 NowSecure, Inc. All Rights Reserved. Proprietary information.
▪ 25% have at least 1 high risk flaw
▪ 35% have un-encrypted data transmission
▪ 63% of iOS apps opt out of ATS, exposing network risks
▪ Biz apps are 3X more likely to leak account credentials
▪ 1% of Android apps properly use Google SafetyNet Attestation API
▪ 50% of Android apps dynamically load code missed by static analysis
Source: NowSecure Software and Research Data 2016-2017
▪ Cross origin resource sharing
Take the attacker POV to test across app, compiler, data at rest, data in transit, OS, HW & SW during and after running the mobile app.
[Diagram: TARGET APP on the iOS stack (iOS APPS, iOS FRAMEWORKS, iOS NATIVE LIBRARIES, iOS Mach/XNU KERNEL, iOS HAL, HARDWARE). Labels: Dynamic code and assets, MITM attacks, Buffer overflows, Race conditions, Forensic artifacts, Malware, Contact hijacking]
[Diagram: Android build flow: .java files → compiler → .class files → dx tool → .dex files → APK builder → .apk files → Jar signer. Also shown: .so files, resources]
[Diagram sequence, Host and Target. Labels: bootstrapper, bootstrapper-thread, frida-agent.so, Comm. Chan, JavaScript, Instrumentation scripts, probe results]
1. Write bootstrapper code into memory of Target process
2. Hijack existing thread in Target to execute bootstrapper
3. Bootstrapper loads frida-agent into Target’s memory space
4. Agent opens bi-directional channel between Debugger and Debuggee
5. Agent sets up its own thread, accepting instrumentation scripts from Debugger
6. Instrumentation “probes” target specific APIs and code logic of interest
7. Probe results streamed to debugger and parsed/redirected
What attackers know about your mobile apps that you don’t: Banking & FinTech
