SlideShare une entreprise Scribd logo

Safety first – best practices in app security​

A
Ana Baotić

Presentation about implementing security features in Android applications from Droidcon Zagreb 2016

Technologie
1  sur  52
Télécharger pour lire hors ligne
Safety first Best practices in app security ANA BAOTIĆ TECHNICAL MANAGER, MOBILE BANKING @ INFINUM
We're an independent design & development agency.
HOW TO INCREASE SECURITY BUILD INTEGRITY DATA PRIVACY NETWORK SECURITY
THINGS TO ADD TO A NEW PROJECT Release keystore Obfuscation
KEYSTORE Should be used for ALL builds You should NEVER lose it No one should EVER acquire it
signingConfigs { release { storeFile file("myapp.keystore") storePassword "password123" keyAlias "keyAlias" keyPassword "password789" } } DO NOT!
DO! gradle.properties KEYSTORE_PASSWORD=password123 KEY_PASSWORD=password789
try { storeFile file("myapp.keystore") storePassword KEYSTORE_PASSWORD keyAlias "keyAlias" keyPassword KEY_PASSWORD } catch (ex) { throw new InvalidUserDataException(“…”) }
OBFUSCATION Proguard DexGuard DexProtector
release { 
 minifyEnabled true proguardFiles getDefaultProguardFile( 'proguard-android.txt'), ‘proguard-rules.txt' 
 signingConfig signingConfigs.release
 }
public abstract class e {
 private int a = -1;
 private String b = null;
 protected boolean k = false;
 
 public abstract void a(Intent var1);
 
 public void run() {
 this.a((Intent)null);
 }
 protected final void a(String var1) {
 this.b = var1;
 }
 public final void c() {
 this.a = -1;
 this.b = null;
 }
 public final boolean d() {
 return this.k;
 }
 }
WILL THIS KEEP THE APK SAFE? No.
TAMPERING DETECTION Verify signing certificate at runtime Verify the installer context.getPackageManager() .getInstallerPackageName(context.getPackageName()) .startsWith("com.android.vending") Check if app is debuggable (or run on emulator)
DATA PRIVACY
USERS ARE SENSITIVE ABOUT THEIR DATA
WAYS TO STORE (AND RETRIEVE) DATA Internal storage External storage Content providers
INTERNAL STORAGE Is (generally) sufficiently safe Private to the your app
EXTERNAL STORAGE Globally readable and writable
CONTENT PROVIDERS Structured storage mechanism Can be exported to allow access by other apps  
<provider android:name="com.example.android.datasync.provider.StubProvider"  android:authorities="com.example.android.datasync.provider" android:exported="false"/> android:protectionLevel="signature"
SHARED PREFERENCES Useful for primitive key-value based data
private readable safe Internal storage yes yes yes External storage no yes no Content providers depends yes yes Shared prefs. yes yes yes
SO EVERYTHING IS FINE? Yes, until you root the device.
USE LIBRARIES Bouncy Castle Spongy Castle Keyczar AeroGear Crypto Conceal
ENCRYPT USING A PIN/PASSWORD 4 digits - 10 000 attempts No effort to crack or even guess
BCRYPT Key derivation function Slow Cost of the hash function depends on the work factor
CAN DATA REMAIN PRIVATE? Rooting your device allows access Not encrypting allows (mis)use
NETWORK SECURITY
HTTP Still (frequently) used MiTM
HTTPS Encrypts data Validation of server’s identity
android:usesCleartextTraffic="false" ANDROID M StrictMode.setVmPolicy( new StrictMode.VmPolicy.Builder() .detectCleartextNetwork() .penaltyLog().build());
ANDROID N Network Security Configuration feature Finer grained control
CERTIFICATE PINNING Defines which CAs are trusted Reduces effectiveness of MiTM
okhttpbuilder
 .pinClientCertificate(resources, R.raw.client_cert, "pass".toCharArray(), “PKCS12”) .pinServerCertificates(resources, 
 R.raw.server_cert, "pass".toCharArray(), "BKS")
 .build(); return new OkClient(client);

WHAT IF THE CERTIFICATES CHANGE?
INFORM THE USERS Implement a mechanism for notifying users (GCM) and forcing updates
PLAN AHEAD Check server security’s impact on Android devices https://www.ssllabs.com/
INCLUDE THE CLIENT IN THE PROCESS Keep them up-to-date Help them understand risks and advise them Insist on updates and security patches
RECAP
ANDROID IS NOT SECURE But you can make it less easy to abuse
THINGS TO REMEMBER Use internal storage if applicable Encrypt data Use HTTPS Pin certificates Be aware of the update cycle
REFERENCES • Gradle configuration • http://developer.android.com/guide/topics/data/data- storage.html#db • https://codahale.com/how-to-safely-store-a-password/ • http://www.developereconomics.com/android- cryptography-tools-for-beginners/ • https://www.airpair.com/android/posts/adding-tampering- detection-to-your-android-app
REFERENCES • https://www.ssllabs.com/ • http://developer.android.com/preview/features/security- config.html • https://www.ionic.com/mitm-attacks-ssl-pinning-what-is-it- and-why-you-should-care/
Thank you!
 Questions? Visit www.infinum.co or find us on social networks: infinum.co infinumco infinumco infinum ANA@INFINUM.CO @ABAOTIC

Recommandé

Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsSecuRing
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera SoftwareOWASP
 
Certificate Pinning: Not as Simple as It Sounds
Certificate Pinning: Not as Simple as It Sounds Certificate Pinning: Not as Simple as It Sounds
Certificate Pinning: Not as Simple as It Sounds Synopsys Software Integrity Group
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP
 
Techorama 2019 - Azure Security Center Unleashed
Techorama 2019 - Azure Security Center UnleashedTechorama 2019 - Azure Security Center Unleashed
Techorama 2019 - Azure Security Center UnleashedTom Janetscheck
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as CodeJohann Gyger
 

Recommandé

Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsSecuRing
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera SoftwareOWASP
 
Certificate Pinning: Not as Simple as It Sounds
Certificate Pinning: Not as Simple as It Sounds Certificate Pinning: Not as Simple as It Sounds
Certificate Pinning: Not as Simple as It Sounds Synopsys Software Integrity Group
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP
 
Techorama 2019 - Azure Security Center Unleashed
Techorama 2019 - Azure Security Center UnleashedTechorama 2019 - Azure Security Center Unleashed
Techorama 2019 - Azure Security Center UnleashedTom Janetscheck
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as CodeJohann Gyger
 
TechEvent Data Encryption in Azure
TechEvent Data Encryption in AzureTechEvent Data Encryption in Azure
TechEvent Data Encryption in AzureTrivadis
 
Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10Barry Dorrans
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessAkeyless
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud SecurityAkeyless
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and DefensesOWASP
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015Adam Baldwin
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Hardening Kubernetes Cluster
Hardening Kubernetes ClusterHardening Kubernetes Cluster
Hardening Kubernetes ClusterKnoldus Inc.
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseAdam Baldwin
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 
Node.JS security
Node.JS securityNode.JS security
Node.JS securityDeepu S Nath
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)Priyanka Aash
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-securitySergio Loureiro
 
Nodejs Security
Nodejs SecurityNodejs Security
Nodejs SecurityJason Ross
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgphimajareddys
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgpcharan teja R
 
Pgp security mule
Pgp security mulePgp security mule
Pgp security muleSindhu VL
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Tomek Cejner
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net FrameworkRamakanta Behera
 

Contenu connexe

Tendances

TechEvent Data Encryption in Azure
TechEvent Data Encryption in AzureTechEvent Data Encryption in Azure
TechEvent Data Encryption in AzureTrivadis
 
Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10Barry Dorrans
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessAkeyless
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud SecurityAkeyless
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and DefensesOWASP
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Hardening Kubernetes Cluster
Hardening Kubernetes ClusterHardening Kubernetes Cluster
Hardening Kubernetes ClusterKnoldus Inc.
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseAdam Baldwin
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)Priyanka Aash
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-securitySergio Loureiro
 
Nodejs Security
Nodejs SecurityNodejs Security
Nodejs SecurityJason Ross
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgphimajareddys
 
Pgp security mule
Pgp security mulePgp security mule
Pgp security muleSindhu VL
 

Tendances (20)

TechEvent Data Encryption in Azure
TechEvent Data Encryption in AzureTechEvent Data Encryption in Azure
TechEvent Data Encryption in Azure
 
Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10Don't get stung - an introduction to the OWASP Top 10
Don't get stung - an introduction to the OWASP Top 10
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Hardening Kubernetes Cluster
Hardening Kubernetes ClusterHardening Kubernetes Cluster
Hardening Kubernetes Cluster
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the Enterprise
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets management
 
Node.JS security
Node.JS securityNode.JS security
Node.JS security
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-security
 
Nodejs Security
Nodejs SecurityNodejs Security
Nodejs Security
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Pgp security mule
Pgp security mulePgp security mule
Pgp security mule
 

Similaire à Safety first – best practices in app security​

Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Tomek Cejner
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net FrameworkRamakanta Behera
 
Protecting data on device with SQLCipher, Stephen Lombardo
Protecting data on device with SQLCipher, Stephen LombardoProtecting data on device with SQLCipher, Stephen Lombardo
Protecting data on device with SQLCipher, Stephen LombardoXamarin
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)Priyanka Aash
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale
 
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)Amazon Web Services
 
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...mdevtalk
 
Strata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStreamlio
 
What Every Software Engineer Should Know About Security and Encryption
What Every Software Engineer Should Know About Security and EncryptionWhat Every Software Engineer Should Know About Security and Encryption
What Every Software Engineer Should Know About Security and EncryptionAll Things Open
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
Cryptographic authentication
Cryptographic authenticationCryptographic authentication
Cryptographic authenticationnirmal08
 
XP Days 2019: First secret delivery for modern cloud-native applications
XP Days 2019: First secret delivery for modern cloud-native applicationsXP Days 2019: First secret delivery for modern cloud-native applications
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanEC-Council
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
Security & Cryptography In Linux
Security & Cryptography In LinuxSecurity & Cryptography In Linux
Security & Cryptography In LinuxAhmed Mekkawy
 

Similaire à Safety first – best practices in app security​ (20)

Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 
Protecting data on device with SQLCipher, Stephen Lombardo
Protecting data on device with SQLCipher, Stephen LombardoProtecting data on device with SQLCipher, Stephen Lombardo
Protecting data on device with SQLCipher, Stephen Lombardo
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)
 
App Security and Securing App
App Security and Securing AppApp Security and Securing App
App Security and Securing App
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net framework
 
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
 
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
 
Strata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache Pulsar
 
What Every Software Engineer Should Know About Security and Encryption
What Every Software Engineer Should Know About Security and EncryptionWhat Every Software Engineer Should Know About Security and Encryption
What Every Software Engineer Should Know About Security and Encryption
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
 
Cryptographic authentication
Cryptographic authenticationCryptographic authentication
Cryptographic authentication
 
XP Days 2019: First secret delivery for modern cloud-native applications
XP Days 2019: First secret delivery for modern cloud-native applicationsXP Days 2019: First secret delivery for modern cloud-native applications
XP Days 2019: First secret delivery for modern cloud-native applications
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Security & Cryptography In Linux
Security & Cryptography In LinuxSecurity & Cryptography In Linux
Security & Cryptography In Linux
 

Dernier

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Dernier (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Safety first – best practices in app security​