Overview
Explore the critical landscape of mobile security in this 48-minute conference talk from LASCON. Delve into the OWASP Top 10 Mobile Risks as presented by experts Jack Mannino, Mike Zusman, and Zach Lanier. Learn about mobile threat modeling and gain insights into key vulnerabilities such as insecure data storage, weak server-side controls, and insufficient transport layer protection. Discover the dangers of client-side injection, poor authorization and authentication, and improper session handling. Understand how security decisions via untrusted inputs and side channel data leaks can compromise mobile applications. Examine broken cryptography prevention tips and strategies to mitigate sensitive information disclosure. Equip yourself with essential knowledge to enhance mobile application security and protect against prevalent threats in the mobile ecosystem.
Syllabus
OWASP Top 10 Mobile Risks
Introductions
Mobile Threat Model
Top 10 Risks
Insecure Data Storage
Weak Server Side Controls
Insufficient Transport Layer Protection
Client Side Injection
Poor Authorization and Authentication
Improper Session Handling
Security Decisions Via Untrusted Inputs
Side Channel Data Leakage
M9- Broken Cryptography Prevention Tips
Sensitive Information Disclosure
Conclusion
Taught by
LASCON