Explore ten crucial strategies for securing mobile applications in this conference talk from AppSecUSA 2014. Delve into threat modeling techniques and discover the top vulnerabilities and solutions for mobile apps using the OWASP Mobile Top Ten framework. Learn how to expedite the process of securing mobile applications through insights on encryption, web service design, and privacy protection. Gain valuable knowledge from industry experts Jason Haddix and Daniel Miessler as they share their expertise on application security, penetration testing, and risk reduction strategies for Fortune 100 companies. Cover essential topics including secure data storage, server protection, proactive controls, TLS implementations, data leakage prevention, library management, and network traffic security. Understand the latest developments in iOS 8 security, Swift, and Android ART while acquiring practical advice for developers, testers, and managers to enhance mobile application security.
Overview
Syllabus
Intro
Introductions
Considerations: Mobile traffic increases
Considerations: Mobile ubiquity
Considerations: Mobile insecurity
OWASP Mobile Top 10
Don't Store or Store Securely
Protect the Server (highlights)
OWASP ProActive Controls
Over the Wire
Poor TLS Implementations
Unintended Data Leakage
Know Your Libraries
Mobile Network Traffic
Make it hard for the attacker
Takeaways
iOS 8 Security
Swift
Android ART
We need help!
Additional References/Resources
Reach out! Questions?
Taught by
OWASP Foundation
