This document discusses mobile web and apps, their ecosystem, and security considerations. It begins by defining mobile web and apps, including different mobile platforms. It then outlines the ecosystem involving app stores, developers, networks and users. The document details security aspects of mobile web, such as encryption, authentication and threats. It also covers security of mobile apps regarding app platform guidelines, reviews, permissions and sandboxes. Finally, it presents a "pyramid of safety" involving different levels of security from safe usage to physical security. The overall message is that mobile web and apps will significantly impact experiences and understanding their security is important.
2. Who are they and how are they changing our world?
Pic: Free Lib: http://office.microsoft.com/en-us/images
3. Today’s Agenda
What is Mobile Web
What is Mobile App
Mobile Web and App Ecosystem
Inside the Mobile
Security in Mobile Web
Security in Mobile App
The Pyramid of Safety
4. What is Mobile Web and Apps
Mobile Web
Mobile Apps
Android
iOS
Windows Mobile
5. Mobile Web And Mobile App Ecosystem – The Security Perspective
[Diagram. Parties: Web Developers, Web Servers, App Stores, App Developers, The Network, Phone User. Labels: On Premise or Off Premise; Physical Access (internal/third party); Enterprise Security Software; On device phone Security Software]
6. Inside the Mobile
[Diagram. Components: Wireless RF (e.g. GSM, CDMA), Microphone, SIM Cards, RAM, ROM, OS, Browser or Native Apps, Calendar, Pictures, Phone Book, Mail, SMS, Videos, Keyboard, Speaker Access, Battery, Power Supply]
7. Security in Mobile web
Decide on Device Class
What is stored where? – cookies, passwords?
Encryption – Off and on wire, Data & metadata
Multi Factor Auth
Anti Virus
Intrusion Detection/Prevention
Web Threats … SQL Injection, Cross Site Forgery
8. Security in Mobile web - Continued
PCI DSS
Identity, Privilege and Access
Sign in vs Sign off
Logical and Physical Security
Trusted/Untrusted Access/URLs
Impact of Non Standard OSs
9. Security in Mobile app
Security and Hosting Guidelines per app platform
Signed Apps
Marketplace security
App to desktop sync risks
Who reviewed the app?
Security Ratings
Install and Run privileges of apps
10. Security in Mobile app - continued
Remote Clean
Access to areas of the phone
Second Factor Auth
Sandboxes
Physical Security
Security as a Service
11. The Pyramid of Safety
Safe Internet/App usage practices
Web Site Security/App Security
Browser Security/Web App Store Security
Network and on device Security (anti virus/Identity/Access/Privilege Management)
Physical Security – device and server
12. In Summary
Mobile Web and Apps are going to significantly impact our browsing experiences
Know the ecosystem they work in
Security aspects
The pyramid of Safety
13. The changed world is here!!!!!
Pic: Free Lib: http://office.microsoft.com/en-us/images