SlideShare uma empresa Scribd logo

Android Security - Common Security Pitfalls in Android Applications

B
BlrDroid

The document discusses common security pitfalls in Android apps. It outlines vulnerabilities like hardcoding sensitive info, logging sensitive data, leaking content providers, insecure data storage, and vulnerabilities in webviews and ad libraries. It also discusses issues like SQLite injection, insecure file permissions, backup vulnerabilities, and insecure network traffic. The document provides recommendations for secure coding practices like using proper permissions for activities, services, and content providers, encrypting sensitive data, and avoiding exporting components unless needed.

Tecnologia
1 de 52
Baixar para ler offline
Common Security Pitfalls in Android Apps Aditya Gupta Attify
Who Am i • Founder, Attify • Mobile Security Researcher • Developing a secure BYOD solution for enterprises • Co-creator of AFE (Android Framework for Exploitation) • Upcoming tool : DroidSE • Speaker/Trainer at BlackHat, Toorcon, ClubHack, Nullcon, OWASP AppSec, Syscan etc.
Agenda • Security Overview of Android Apps • Some vulnerabilities in Android Apps • Secure Coding
Android Security Model • Based on Linux • Security features are derived mostly from Linux • Application Isolation • Each app in its own DVM
Security Overview of Android Apps • Application Sandboxing • Data stored in /data/data/[package-name]/ • AndroidManifest.xml plays an important role • Permissions while accessing activities, services, content providers
Hard Coding Sensitive Info • Have seen some apps hardcode sensitive info • Reversing applications • Encrypting passwords : really common • Use protection to prevent apps from reversing • Don't ever hardcode a sensitive info in an app.
Protecting against Reversing
Logging Sensitive Information
Logging Sensitive Information Log.d("Facebook-authorize", "Login Success! access_token=" + getAccessToken() + " expires=" + getAccessExpires());
Leaking Content Providers • Content Providers • What can one application do to another • Leakage of content providers • By default exported
Leaking Content Providers
Dropbox
Insecure Data Storage
Android WebView vuln • What's a Webview?
Android WebView vuln • Framing Web components into application • Could be really useful while building applications • Does it also allows Javascript?
Javascript in Webviews • Javascript is allowed in Webviews • Javascript could be used to interact with the app's interface • Malicious functions could be executed
Malicious functions with JS • Could be used to send SMS or place calls • Or to install another application • Get a reverse shell to a remote location • Modify file system or steal something from the device
Ad Libraries, anyone? • InMobi • List of Exposed methods : • makeCall • postToSocial • sendMail • sendSMS • takeCameraPicture • getGalleryImage
Ad Libraries, anyone?
Fix it setJavascriptEnabled(false)
SQLite Injection • SQLite databases for storing application's data • Storing sensitive information in databases • Do you sanitize user input before applying SQL queries
Sample Code ! uname = (EditText) findViewById(R.id.username); pword = (EditText) findViewById(R.id.password); ! ! String getSQL = "SELECT * FROM " + tableName + " WHERE " + username + " = '" + uname + "' AND " + password + " = '" + pword + "'"; ! Cursor cursor = dataBase.rawQuery(getSQL , null);
Insecure File Permissions • File storing sensitive data need to have proper permissions • Should be accessible only by the application
Android Backup Vulnerability • Allows backup of application's data • No root needed in the device • Attacker could read/modify app's data and restore it back • Default behaviour in AndroidManifest.xml
Preventing Backup vulnerability android:allowBackup="false"
Network Traffic
Securing Android Applications
Activities <activity android:name=".SecureActivity" 
 
 android:permission="com.example.secure.permission.START_ACTIVITY1"> </activity>
Services <service android:name=".SecureService" android:permission="com.example.secure.permission.SecurePerm" android:enabled="true" android:exported="true"> </service>
Content Providers <provider android.name="com.example.secure.SecureProvider" 
 
 android.authorities="com.example.secure.mailprovider" 
 
 android.readPermission="com.example.testapps.test1.permission.READ_DATE" 
 android.writePermission="com.example.secure.permission.WRITE_DATA" 
 
 android:grantUriPermissions="true"> ! </provider>
If you don't need android:exported = "false"
Summary • Avoid common mistakes • Store data in encrypted form • Sending data through HTTP/insecure HTTPs
` • Drop a mail at adi@attify.com

Recomendados

Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 

Recomendados

Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Android Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android ApplicationsAndroid Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android Applicationsh4oxer
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Andriod Pentesting and Malware Analysis
Andriod Pentesting and Malware AnalysisAndriod Pentesting and Malware Analysis
Andriod Pentesting and Malware Analysisn|u - The Open Security Community
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android SecurityNational Cheng Kung University
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
Android Security
Android SecurityAndroid Security
Android SecurityMehrnaz Amoon
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileSteve De Zitter
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
Stealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker wayStealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker wayn|u - The Open Security Community
 
Android security model
Android security modelAndroid security model
Android security modelrrand1
 
Android system security
Android system securityAndroid system security
Android system securityChong-Kuan Chen
 

Mais conteúdo relacionado

Mais procurados

Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Android Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android ApplicationsAndroid Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android Applicationsh4oxer
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileSteve De Zitter
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 

Mais procurados (20)

Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android ApplicationsAndroid Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android Applications
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Andriod Pentesting and Malware Analysis
Andriod Pentesting and Malware AnalysisAndriod Pentesting and Malware Analysis
Andriod Pentesting and Malware Analysis
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android Application
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
 
Android Security
Android SecurityAndroid Security
Android Security
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardening
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC Mobile
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
Stealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker wayStealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker way
 

Destaque

Android security model
Android security modelAndroid security model
Android security modelrrand1
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applicationsGTestClub
 
Firebase analytics for_android _ i_os
Firebase analytics for_android _ i_osFirebase analytics for_android _ i_os
Firebase analytics for_android _ i_osbaroqueworksdev
 
Security in Android Application, Александр Смирнов, RedMadRobot, Москва
Security in Android Application, Александр Смирнов, RedMadRobot, Москва Security in Android Application, Александр Смирнов, RedMadRobot, Москва
Security in Android Application, Александр Смирнов, RedMadRobot, Москва it-people
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Introduction, Examples - Firebase
Introduction, Examples - Firebase Introduction, Examples - Firebase
Introduction, Examples - Firebase Eueung Mulyana
 
Mobile device security informative v2
Mobile device security informative v2Mobile device security informative v2
Mobile device security informative v2Salman Zahid
 
Introduction to Firebase with Android and Beyond...
Introduction to Firebase with Android and Beyond...Introduction to Firebase with Android and Beyond...
Introduction to Firebase with Android and Beyond...Kasper Loevborg Jensen
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 

Destaque (14)

Android security model
Android security modelAndroid security model
Android security model
 
Android system security
Android system securityAndroid system security
Android system security
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Firebase analytics for_android _ i_os
Firebase analytics for_android _ i_osFirebase analytics for_android _ i_os
Firebase analytics for_android _ i_os
 
Security in Android Application, Александр Смирнов, RedMadRobot, Москва
Security in Android Application, Александр Смирнов, RedMadRobot, Москва Security in Android Application, Александр Смирнов, RedMadRobot, Москва
Security in Android Application, Александр Смирнов, RedMadRobot, Москва
 
Firebase
FirebaseFirebase
Firebase
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Firebase Android
Firebase AndroidFirebase Android
Firebase Android
 
Mobile security
Mobile securityMobile security
Mobile security
 
Introduction, Examples - Firebase
Introduction, Examples - Firebase Introduction, Examples - Firebase
Introduction, Examples - Firebase
 
Mobile device security informative v2
Mobile device security informative v2Mobile device security informative v2
Mobile device security informative v2
 
Introduction to Firebase with Android and Beyond...
Introduction to Firebase with Android and Beyond...Introduction to Firebase with Android and Beyond...
Introduction to Firebase with Android and Beyond...
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security Webinar
 

Semelhante a Android Security - Common Security Pitfalls in Android Applications

Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)ClubHack
 
The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009Security Ninja
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
 
Web Application Security Session for Web Developers
Web Application Security Session for Web DevelopersWeb Application Security Session for Web Developers
Web Application Security Session for Web DevelopersKrishna Srikanth Manda
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Apostolos Giannakidis
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 
Menofia UN -Mobile Security
Menofia UN -Mobile SecurityMenofia UN -Mobile Security
Menofia UN -Mobile SecurityAhmed Samara
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseSeth Law
 
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
CodeMash 2.0.1.5 - Practical iOS App Attack & DefenseCodeMash 2.0.1.5 - Practical iOS App Attack & Defense
CodeMash 2.0.1.5 - Practical iOS App Attack & DefenseSeth Law
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)securityiphonepentest
 
Making DevSecOps a Reality in your Spring Applications
Making DevSecOps a Reality in your Spring ApplicationsMaking DevSecOps a Reality in your Spring Applications
Making DevSecOps a Reality in your Spring ApplicationsHdiv Security
 
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADFOWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADFBrian Huff
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in schoolMichael Galpin
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 

Semelhante a Android Security - Common Security Pitfalls in Android Applications (20)

Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
 
The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
 
Web Application Security Session for Web Developers
Web Application Security Session for Web DevelopersWeb Application Security Session for Web Developers
Web Application Security Session for Web Developers
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 
Menofia UN -Mobile Security
Menofia UN -Mobile SecurityMenofia UN -Mobile Security
Menofia UN -Mobile Security
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and Defense
 
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
CodeMash 2.0.1.5 - Practical iOS App Attack & DefenseCodeMash 2.0.1.5 - Practical iOS App Attack & Defense
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicated
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)security
 
Making DevSecOps a Reality in your Spring Applications
Making DevSecOps a Reality in your Spring ApplicationsMaking DevSecOps a Reality in your Spring Applications
Making DevSecOps a Reality in your Spring Applications
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
 
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADFOWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in school
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 

Mais de BlrDroid

Post I/O 2014 Meetup : Google I/O '14 recap- Amrit Sanjeev
Post I/O 2014 Meetup : Google I/O '14 recap- Amrit SanjeevPost I/O 2014 Meetup : Google I/O '14 recap- Amrit Sanjeev
Post I/O 2014 Meetup : Google I/O '14 recap- Amrit SanjeevBlrDroid
 
June 2014 - Android wear
June 2014 - Android wearJune 2014 - Android wear
June 2014 - Android wearBlrDroid
 
June 2014 - IPC in android
June 2014 - IPC in androidJune 2014 - IPC in android
June 2014 - IPC in androidBlrDroid
 
June 2014 - Building Rabbit MQ based chat on Android
June 2014 - Building Rabbit MQ based chat on AndroidJune 2014 - Building Rabbit MQ based chat on Android
June 2014 - Building Rabbit MQ based chat on AndroidBlrDroid
 
Challenges in writing roboelectric tests
Challenges in writing roboelectric tests Challenges in writing roboelectric tests
Challenges in writing roboelectric tests BlrDroid
 
How to leverage cloud for QA process
How to leverage cloud for QA processHow to leverage cloud for QA process
How to leverage cloud for QA processBlrDroid
 
Usability Testing Made Easy
Usability Testing Made EasyUsability Testing Made Easy
Usability Testing Made EasyBlrDroid
 
How Mobile Developers Could Leverage On Big Data and Data Points to understan...
How Mobile Developers Could Leverage On Big Data and Data Points to understan...How Mobile Developers Could Leverage On Big Data and Data Points to understan...
How Mobile Developers Could Leverage On Big Data and Data Points to understan...BlrDroid
 
Internals of AsyncTask
Internals of AsyncTask Internals of AsyncTask
Internals of AsyncTask BlrDroid
 
Increasing downloads, ratings and revenues
Increasing downloads, ratings and revenues Increasing downloads, ratings and revenues
Increasing downloads, ratings and revenues BlrDroid
 
March 2014 Meetup - Nokia X Tech Session
March 2014 Meetup - Nokia X Tech SessionMarch 2014 Meetup - Nokia X Tech Session
March 2014 Meetup - Nokia X Tech SessionBlrDroid
 
March 2014 Meetup Baug Android and Google App Engine
March 2014 Meetup Baug Android and Google App EngineMarch 2014 Meetup Baug Android and Google App Engine
March 2014 Meetup Baug Android and Google App EngineBlrDroid
 
High performance graphics and computation - OpenGL ES and RenderScript
High performance graphics and computation - OpenGL ES and RenderScript High performance graphics and computation - OpenGL ES and RenderScript
High performance graphics and computation - OpenGL ES and RenderScript BlrDroid
 
Dexetra Labs - Building Apps that can get featured
Dexetra Labs - Building Apps that can get featuredDexetra Labs - Building Apps that can get featured
Dexetra Labs - Building Apps that can get featuredBlrDroid
 
July 2013 Meetup : Introduction To App Publish - Ujjwal Kabra
July 2013 Meetup : Introduction To App Publish - Ujjwal KabraJuly 2013 Meetup : Introduction To App Publish - Ujjwal Kabra
July 2013 Meetup : Introduction To App Publish - Ujjwal KabraBlrDroid
 
July2013 Meetup : App Store Optimization - Shankar soma
July2013 Meetup : App Store Optimization - Shankar somaJuly2013 Meetup : App Store Optimization - Shankar soma
July2013 Meetup : App Store Optimization - Shankar somaBlrDroid
 
June2013 Meetup : Activity Recognition API - Walkmeter - Michal Depa
June2013 Meetup : Activity Recognition API - Walkmeter - Michal DepaJune2013 Meetup : Activity Recognition API - Walkmeter - Michal Depa
June2013 Meetup : Activity Recognition API - Walkmeter - Michal DepaBlrDroid
 
June2013 Meetup : In-App Billing by Soham & Senthil
June2013 Meetup : In-App Billing by Soham & SenthilJune2013 Meetup : In-App Billing by Soham & Senthil
June2013 Meetup : In-App Billing by Soham & SenthilBlrDroid
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev BlrDroid
 

Mais de BlrDroid (20)

Post I/O 2014 Meetup : Google I/O '14 recap- Amrit Sanjeev
Post I/O 2014 Meetup : Google I/O '14 recap- Amrit SanjeevPost I/O 2014 Meetup : Google I/O '14 recap- Amrit Sanjeev
Post I/O 2014 Meetup : Google I/O '14 recap- Amrit Sanjeev
 
June 2014 - Android wear
June 2014 - Android wearJune 2014 - Android wear
June 2014 - Android wear
 
June 2014 - IPC in android
June 2014 - IPC in androidJune 2014 - IPC in android
June 2014 - IPC in android
 
June 2014 - Building Rabbit MQ based chat on Android
June 2014 - Building Rabbit MQ based chat on AndroidJune 2014 - Building Rabbit MQ based chat on Android
June 2014 - Building Rabbit MQ based chat on Android
 
Challenges in writing roboelectric tests
Challenges in writing roboelectric tests Challenges in writing roboelectric tests
Challenges in writing roboelectric tests
 
How to leverage cloud for QA process
How to leverage cloud for QA processHow to leverage cloud for QA process
How to leverage cloud for QA process
 
Usability Testing Made Easy
Usability Testing Made EasyUsability Testing Made Easy
Usability Testing Made Easy
 
How Mobile Developers Could Leverage On Big Data and Data Points to understan...
How Mobile Developers Could Leverage On Big Data and Data Points to understan...How Mobile Developers Could Leverage On Big Data and Data Points to understan...
How Mobile Developers Could Leverage On Big Data and Data Points to understan...
 
Internals of AsyncTask
Internals of AsyncTask Internals of AsyncTask
Internals of AsyncTask
 
Increasing downloads, ratings and revenues
Increasing downloads, ratings and revenues Increasing downloads, ratings and revenues
Increasing downloads, ratings and revenues
 
March 2014 Meetup - Nokia X Tech Session
March 2014 Meetup - Nokia X Tech SessionMarch 2014 Meetup - Nokia X Tech Session
March 2014 Meetup - Nokia X Tech Session
 
March 2014 Meetup Baug Android and Google App Engine
March 2014 Meetup Baug Android and Google App EngineMarch 2014 Meetup Baug Android and Google App Engine
March 2014 Meetup Baug Android and Google App Engine
 
High performance graphics and computation - OpenGL ES and RenderScript
High performance graphics and computation - OpenGL ES and RenderScript High performance graphics and computation - OpenGL ES and RenderScript
High performance graphics and computation - OpenGL ES and RenderScript
 
Dexetra Labs - Building Apps that can get featured
Dexetra Labs - Building Apps that can get featuredDexetra Labs - Building Apps that can get featured
Dexetra Labs - Building Apps that can get featured
 
July 2013 Meetup : Introduction To App Publish - Ujjwal Kabra
July 2013 Meetup : Introduction To App Publish - Ujjwal KabraJuly 2013 Meetup : Introduction To App Publish - Ujjwal Kabra
July 2013 Meetup : Introduction To App Publish - Ujjwal Kabra
 
July2013 Meetup : App Store Optimization - Shankar soma
July2013 Meetup : App Store Optimization - Shankar somaJuly2013 Meetup : App Store Optimization - Shankar soma
July2013 Meetup : App Store Optimization - Shankar soma
 
June2013 Meetup : Activity Recognition API - Walkmeter - Michal Depa
June2013 Meetup : Activity Recognition API - Walkmeter - Michal DepaJune2013 Meetup : Activity Recognition API - Walkmeter - Michal Depa
June2013 Meetup : Activity Recognition API - Walkmeter - Michal Depa
 
June2013 Meetup : In-App Billing by Soham & Senthil
June2013 Meetup : In-App Billing by Soham & SenthilJune2013 Meetup : In-App Billing by Soham & Senthil
June2013 Meetup : In-App Billing by Soham & Senthil
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
 
IO13 Recap
IO13 RecapIO13 Recap
IO13 Recap
 

Último

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Último (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Android Security - Common Security Pitfalls in Android Applications