APPSEC EU15 – DAN CORNELL – MOBILE APPLICATION ASSESSMENTS BY THE NUMBERS: A WHOLE-ISTIC VIEW

Posted in SecConf

Description: By analyzing the data from over 100 mobile application security assessments, we identify the typical types of mobile vulnerabilities, the system components that contain those vulnerabilities, the components where given types of vulnerabilities cluster, and how to test for each of these. Attendees will learn in the session how to identify these vulnerabilities, how […]

APPSEC EU15 – FLORIAN STAHL, STEFAN BURGMAIR – OWASP TOP 10 PRIVACY RISKS

Posted in SecConf

Description: Discussions about how to protect personal data are lively, but still there was no specific and independent description of privacy risks for web applications available. Thus, companies lack guidance to apply during systems development and users cannot easily check whether they take privacy risks. Therefore the OWASP Top 10 Privacy Risks project was founded […]

APPSEC EU15 – WOJTEK DWORAKOWSKI – E-BANKING TRANSACTION AUTHORIZATION

Posted in SecConf

Description: E-banking transaction authorization – possible vulnerabilities, security verification and best practices for implementation. Most modern internet or mobile banking applications use some sort of second factor, such as TAN lists, SMS codes, time-based OTP tokens, etc., to let the user verify banking operations and to protect against MitM or malware attacks. During security […]