SECURITY WEBINAR

APPS OF STEELMartin GandarStrategic Marketing Director

Derk TegelerSecurity Director

• State of mobile security• Mitigation strategies• Security by design• Software development• M2Active™, the App Lifecycle Platform

AGENDA

STATE OF MOBILE SECURITY

• Software on the move• The mobile operating

system• The apps and the stores• The software distribution

problem• Malware

MOBILE SECURITY: NETWORKS• Networks

• Control• The need for encryption

against MITM attacks– Telephone networks– Public Wi-Fi hotspots– rogue access points

• Issues with DNS• Issues with the Public Key

Infrastructure (PKI)

MITIGATION STRATEGIES• Accountability in business processes• Budget• Risk analysis

• Risk = impact*likelihood• Information classification and

protection rules per class for:• Transmission, Storage & Processing

• Multiple information transmission channels

• Awareness of known vulnerabilities

SECURITY BY DESIGN• Information classification• Risk analysis• Threat modelling• Dependencies• Use several security levels• Good key management

SOFTWARE DEVELOPMENT• Secure coding standards• Defensive programming• Don’t leak!• Document: in the code, release notes and all other documentation.

• Collaborative development• Maintenance• Code transfers• The App lifecycle

THE APP LIFECYCLE PLATFORM ™

- Encrypted object code providing integrity and confidentiality of the software package

- API’s- Secure Coding Standards giving

our partners a strong basis- Templates, best practices and

code snippets

M2ACTIVEAPI’S- API’s:

- Authentication Manager- Crypto / cryptographic

functions:- Base64 encoding and decoding- SHA-1 and SHA-256 hashing- AES encryption and decryption- Key generation algorithms

- HTTPS support, including OAUTH

THANK YOU FOR YOUR TIMENEXT WEBINAR:18th OF JUNE:ORGANIZING FOR ENTERPRISE APP PORTFOLIOS

SECURITY WEBINAR

APPS OF STEELMartin GandarStrategic Marketing Directormgandar@service2media.com0044 7770 366 566

Derk TegelerSecurity Executivedtegeler@service2media.com0031 6 16 47 29 52