SlideShare uma empresa Scribd logo

A day in the life of a pentester

Transferir como PPTX, PDF
Cláudio André
Cláudio André

A brief introduction of what is a pentester, followed by introduction to Pentesting in Android with some practical examples and recommendations.

Tecnologia
1 de 41
A day in the life of a pentester @clviper ca@integrity.pt Cláudio André
• whoami • Who is a Pentester? • Mobile App Architecture • Android Mobile App Components • OWASP Top 10 Mobile Risks • Practical Examples • Security Recommendations /// Agenda
10+ years working in Information Systems. Pentester at BSc in Management Information Technology at ULHT. Offensive Security Certified Professional (OSCP) Security Blog: http://security.claudio.pt /// whoami
Ethical Hacker.
Ethical Hacker. Identify, Explore and Report vulnerabilities.
Ethical Hacker. Identify, Explore and Report vulnerabilities. Web applications, Infrastruture and Mobile apps.
/// Mobile App Architecture
Client /// Mobile App Architecture
Network /// Mobile App Architecture
Server /// Mobile App Architecture
Activities /// Android Mobile App Components
Activities Services /// Android Mobile App Components
Activities Services Broadcast Receivers /// Android Mobile App Components
Activities Services Broadcast Receivers Content Providers /// Android Mobile App Components
Zip Archive. Contains Dalvik class files, assets, resources and AndroidManifest.xml. Stored at /data/app. Android Application Package File (.apk) /// Android Mobile App Components - APK
Presents information about the app to the system. Describes app components. Define permissions. AndroidManifest.xml /// Android Mobile App Components – AndroidManifest.xml
XML format file with key-value pairs. App settings. /// Android Mobile App Components – Shared Preferences
Single file relational database used to store application data and settings. /// Android Mobile App Components - SQLite
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// OWASP Mobile Top 10 Risks
/// FourGoats Manifest
/// M2 – Insecure Data Storage M3 – Insufficient Transport Layer Protection M4 – Unintended Data Leakage
/// M2 – Insecure Data Storage
/// MSRC Answer
/// M7 – Client Side Injection
/// M7 – Client Side Injection – Python POC
M2 - Insecure Data Storage - Shared Preferences without MODE_WORLD_READABLE. - Sensitive information should not be stored. If needed, should be encrypted from derivation of user Password/PIN and not with hardcoded encryption keys. Still vulnerable to offline brute-force. Enforce strong password policy. M3 - Insufficient Transport Layer Protection - Apply TLS transport in channels that the app transmits sensitive information to the backend. - Implement Certificate Pinning if very sensitive information is transmitted. /// Security Recommendations
M7 - Client Side Injection - Only export components(Activities,Services,Broadcast Receivers, Content Providers) that make sense and that cannot bypass access controls and leak Internal information. - Always validate User Input. M10 - Lack of Binary Protection - Obfuscate your code, at minimum with ProGuard. Dont make your attacker life easier. /// Security Recommendations
www.bsideslisbon.org
Thank you Questions? Doubts?

Recomendados

Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Five mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseFive mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseNowSecure
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testingNowSecure
 

Recomendados

Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Five mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseFive mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseNowSecure
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Anant Shrivastava
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testingNowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an Antivirus5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an AntivirusQuick Heal Technologies Ltd.
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeEC-Council
 
Smartphone security issues
Smartphone security issuesSmartphone security issues
Smartphone security issuesAleksandra Gavrilovska
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
30 Killer Internet Security Tips
30 Killer Internet Security Tips30 Killer Internet Security Tips
30 Killer Internet Security TipsQuick Heal Technologies Ltd.
 
4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data Safe4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data SafeAlexis Global
 
Common Security Misconception
Common Security MisconceptionCommon Security Misconception
Common Security MisconceptionMatthew Ong
 
Epoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal, Inc.
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must Follow10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must FollowQuick Heal Technologies Ltd.
 
mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2Monica Hamilton
 
Why are Software Updates so Important for your Security
Why are Software Updates so Important for your SecurityWhy are Software Updates so Important for your Security
Why are Software Updates so Important for your SecurityQuick Heal Technologies Ltd.
 
Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Community Protection Forum
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 

Mais conteúdo relacionado

Mais procurados

Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an Antivirus5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an AntivirusQuick Heal Technologies Ltd.
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeEC-Council
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data Safe4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data SafeAlexis Global
 
Common Security Misconception
Common Security MisconceptionCommon Security Misconception
Common Security MisconceptionMatthew Ong
 
Epoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal, Inc.
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must Follow10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must FollowQuick Heal Technologies Ltd.
 
mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2Monica Hamilton
 
Why are Software Updates so Important for your Security
Why are Software Updates so Important for your SecurityWhy are Software Updates so Important for your Security
Why are Software Updates so Important for your SecurityQuick Heal Technologies Ltd.
 
Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Community Protection Forum
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 

Mais procurados (20)

Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
 
5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an Antivirus5 Common Myths that Stop People from Using an Antivirus
5 Common Myths that Stop People from Using an Antivirus
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
 
Smartphone security issues
Smartphone security issuesSmartphone security issues
Smartphone security issues
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshare
 
30 Killer Internet Security Tips
30 Killer Internet Security Tips30 Killer Internet Security Tips
30 Killer Internet Security Tips
 
4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data Safe4 Precautions to Keep Your Supply Chain Data Safe
4 Precautions to Keep Your Supply Chain Data Safe
 
Common Security Misconception
Common Security MisconceptionCommon Security Misconception
Common Security Misconception
 
Epoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal Solution: Security Offerings
Epoch Universal Solution: Security Offerings
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber Security
 
10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must Follow10 Cyber Safety Tips Every Internet User Must Follow
10 Cyber Safety Tips Every Internet User Must Follow
 
mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2mcafee-10-steps-infographic-d2
mcafee-10-steps-infographic-d2
 
Why are Software Updates so Important for your Security
Why are Software Updates so Important for your SecurityWhy are Software Updates so Important for your Security
Why are Software Updates so Important for your Security
 
Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographic
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]
 

Semelhante a A day in the life of a pentester

Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Mobile Security - Dutch Mobile .Net Developers
Mobile Security - Dutch Mobile .Net DevelopersMobile Security - Dutch Mobile .Net Developers
Mobile Security - Dutch Mobile .Net DevelopersAlberto Aguzzi
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsDenim Group
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
Mobile (in)security? @ Mobile Edge '14
Mobile (in)security? @ Mobile Edge '14 Mobile (in)security? @ Mobile Edge '14
Mobile (in)security? @ Mobile Edge '14 Mobile Edge Event
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 
Addressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAddressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAlec Tucker
 
Mobile Security at OWASP - MASVS and MSTG
Mobile Security at OWASP - MASVS and MSTGMobile Security at OWASP - MASVS and MSTG
Mobile Security at OWASP - MASVS and MSTGRomuald SZKUDLAREK
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsAndreas Mai
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or looseBjørn Sloth
 
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...IBM Security
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applicationsiphonepentest
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applicationsGTestClub
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareAmmar WK
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 

Semelhante a A day in the life of a pentester (20)

Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Mobile Security - Dutch Mobile .Net Developers
Mobile Security - Dutch Mobile .Net DevelopersMobile Security - Dutch Mobile .Net Developers
Mobile Security - Dutch Mobile .Net Developers
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
 
Mobile (in)security ?
Mobile (in)security ?Mobile (in)security ?
Mobile (in)security ?
 
Mobile (in)security? @ Mobile Edge '14
Mobile (in)security? @ Mobile Edge '14 Mobile (in)security? @ Mobile Edge '14
Mobile (in)security? @ Mobile Edge '14
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 
Addressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAddressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using Xamarin
 
Mobile Security at OWASP - MASVS and MSTG
Mobile Security at OWASP - MASVS and MSTGMobile Security at OWASP - MASVS and MSTG
Mobile Security at OWASP - MASVS and MSTG
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or loose
 
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applications
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 

Mais de Cláudio André

Droidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorDroidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorCláudio André
 
This is the secure droid you are looking for
This is the secure droid you are looking forThis is the secure droid you are looking for
This is the secure droid you are looking forCláudio André
 
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastMobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastCláudio André
 
Hacker, you shall not pass!
Hacker, you shall not pass!Hacker, you shall not pass!
Hacker, you shall not pass!Cláudio André
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 

Mais de Cláudio André (6)

Droidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind GeneratorDroidstat-X, Android Applications Security Analyser Xmind Generator
Droidstat-X, Android Applications Security Analyser Xmind Generator
 
This is the secure droid you are looking for
This is the secure droid you are looking forThis is the secure droid you are looking for
This is the secure droid you are looking for
 
Is my app secure?
Is my app secure?Is my app secure?
Is my app secure?
 
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive BreakfastMobile application (in)security - 2nd Integrity Smart Executive Breakfast
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast
 
Hacker, you shall not pass!
Hacker, you shall not pass!Hacker, you shall not pass!
Hacker, you shall not pass!
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

A day in the life of a pentester