Transcript
Page 1: Webinar Security: Apps of Steel

SECURITY WEBINAR

APPS OF STEEL

Martin Gandar
Strategic Marketing Director

Derk Tegeler
Security Director

Page 2: Webinar Security: Apps of Steel

AGENDA

• State of mobile security
• Mitigation strategies
• Security by design
• Software development
• M2Active™, the App Lifecycle Platform

Page 3: Webinar Security: Apps of Steel

STATE OF MOBILE SECURITY

• Software on the move
• The mobile operating system
• The apps and the stores
• The software distribution problem
• Malware

Page 4: Webinar Security: Apps of Steel

MOBILE SECURITY: NETWORKS

• Networks
• Control
• The need for encryption against MITM attacks
  – Telephone networks
  – Public Wi-Fi hotspots
  – Rogue access points
• Issues with DNS
• Issues with the Public Key Infrastructure (PKI)

Page 5: Webinar Security: Apps of Steel

MITIGATION STRATEGIES

• Accountability in business processes
• Budget
• Risk analysis
• Risk = impact * likelihood
• Information classification and protection rules per class for:
• Transmission, Storage & Processing
• Multiple information transmission channels
• Awareness of known vulnerabilities

Page 6: Webinar Security: Apps of Steel

SECURITY BY DESIGN

• Information classification
• Risk analysis
• Threat modelling
• Dependencies
• Use several security levels
• Good key management

Page 7: Webinar Security: Apps of Steel

SOFTWARE DEVELOPMENT

• Secure coding standards
• Defensive programming
• Don’t leak!
• Document: in the code, release notes and all other documentation.
• Collaborative development
• Maintenance
• Code transfers
• The App lifecycle

Page 8: Webinar Security: Apps of Steel

THE APP LIFECYCLE PLATFORM ™

- Encrypted object code providing integrity and confidentiality of the software package
- APIs
- Secure Coding Standards giving our partners a strong basis
- Templates, best practices and code snippets

Page 9: Webinar Security: Apps of Steel

M2ACTIVE APIs

- APIs:
  - Authentication Manager
  - Crypto / cryptographic functions:
    - Base64 encoding and decoding
    - SHA-1 and SHA-256 hashing
    - AES encryption and decryption
    - Key generation algorithms
  - HTTPS support, including OAUTH

Page 10: Webinar Security: Apps of Steel

THANK YOU FOR YOUR TIME

NEXT WEBINAR: 18th OF JUNE: ORGANIZING FOR ENTERPRISE APP PORTFOLIOS

Page 11: Webinar Security: Apps of Steel

SECURITY WEBINAR

APPS OF STEEL

Martin Gandar
Strategic Marketing Director
[email protected] 7770 366 566

Derk Tegeler
Security Director
[email protected] 6 16 47 29 52

