Explore the OWASP Mobile Top Ten security vulnerabilities and their significance in a comprehensive conference talk. Learn about critical mobile security issues, including transport layer protection, threat modeling, authorization, authentication, broken cryptography, and data validation. Discover best practices for preventing reverse engineering, implementing industry standards, and making secure decisions. Gain insights into the importance of assuming insecurity, maintaining vigilance, and never compromising on security. Examine real-world examples, open-source solutions, and the role of permissions and reputation in mobile app security.
Overview
Syllabus
Introduction
Mobile Top Ten
Transport Layer Protection
Threat Model
Authorization Authentication
We know the weaknesses
Broken cryptography
Encoding
Encryption
Clientside
Data Validation
Input Validation
Know Your Services
Security Decisions Via untrusted and Inputs
Session Handling
Authentication State Changes
Use Industry Standards
Lack of Binary Protection
Preventing Reverse Engineering
Security Starts With You
Always Assume Insecurity
You Dont Be Yourself
Never Compromise Security
Example
Open Source
Permissions
Reputation
