Name: The Vulnerability Epidemic in Mobile Financial Apps
Start: 2019-04-23T17:00:00Z
End: 2019-04-23T17:00:44.000Z
Location: BrightTALK
Rating: 5

Arxan provides comprehensive app-level security, and enterprise app governance enforcement. Our wide range of patented security capabilities, including dynamic app policy engine, code hardening, obfuscation, white-box cryptography and encryption, and threat analytics help enterprises protect valuable customer, business and IP data.

You can’t rely on network or perimeter security to protect web applications, your business or your customers from card skimming attacks. The reason? Web apps that use  HTML, CSS or JavaScript, including your eCommerce checkout page, are especially vulnerable to client-side attacks that can result in a devastating data breach like the ones that affected British Airways and Ticketmaster. And the bad news is that these Magecart-style data exfiltration attacks are only becoming more targeted, more frequent, and are resulting in fines and or penalties in the hundreds of millions of dollars.

To protect against data theft, most organizations depend on traditional security controls that monitor network and server traffic, not client side code. But as more business logic and functionality is being executed in the browser in order to improve customer experience and performance, the riskier this strategy becomes.

As the busiest shopping season of the year approaches, is your website – and your customer data – protected? Find out how you can defend against client-side data exfiltration and prevent web apps from becoming an attack vector. 

In this webinar, we’ll cover:
-How Magecart and other digital skimming attacks are able to thwart traditional security measures
-How to protect web apps against client side threats
-What you should look for in an application security solution

Protect your organization & customers from card skimming Magecart-style attacks

Connected medical devices are now an integral part of modern healthcare – from insulin pumps to pacemakers, these devices improve health outcomes and quality of life for patients. Unfortunately with the increased use of these devices comes additional cybersecurity risk, particularly when it comes to the applications that manage them. 

Arxan Director of Security Engineering Matt Clemens explains how to protect web and mobile apps from reverse engineering to prevent IP theft, the breach of sensitive patient data, and improve patient safety.

Protecting Connected Medical Device Apps

When it comes to finance, mobile banking or payments apps, maintaining customer trust is crucial to protecting brand equity and revenue. But according to recent analyst research, a majority of mobile finance apps lack the security controls and code hardening necessary to prevent applications from being compromised. And relying on legacy methods – like network or perimeter protection that is incapable of detecting these kinds of attacks – can have dire consequences.
 
In this webinar, Aite Senior Analyst Joseph Krull and Arxan senior security engineer Paul Dant will discuss how the growing demand by mobile apps for API access is changing the security landscape, and what you can do to protect your organization from a costly breach (hint: it starts with protecting your applications). 

You’ll learn:
-How easily mobile apps can be reverse engineered - the first step in circumventing  traditional security approaches 
-How common app vulnerabilities and development mistakes can lead to data exposure
-What’s necessary to implement a comprehensive mobile app security strategy

Mobile App & API Access Attacks: A New Security Frontier for Financial Services

DevSecOps is a popular buzzword in the DevOps ecosystem. Understanding why people care about DevSecOps is simple - It extends DevOps processes into software security. The goal of DevSecOps is to build the mindset that everyone is responsible for security — and that security needs to be built into the development process, rather than as a perimeter around apps and data.

In practice, implementing DevSecOps is problematic, with no single button that can be pushed to achieve DevSecOps. Nor is there a specific tool that can be acquired or particular process to follow.
Achieving DevSecOps requires a revisiting of existing DevOps processes and IT resources, then designing a comprehensive strategy that integrates application security into all of them.

Topics in this webinar include:
•	Value of transforming existing DevOps to embrace DevSecOps practices
•	Understanding how to achieve the perfect balance on the DevSecOps 'shift-left' approach
•	Application security and its importance in DevSecOps processes

The Importance of App Security in the Securitization of DevOps

APIs are more than a tool for integration: they are changing the way companies do business. APIs enable new business models and faster time-to-market, make it easier to drive digital transformation, and make it possible to create better customer experiences for web and mobile apps. But without a comprehensive API strategy enterprises will be hard pressed to expand access to corporate assets without unnecessary risk. Today most organisations don't even know how many APIs they’ve deployed, let alone if they are secure. That’s a scary proposition when you consider that API exploits are expected to become the most frequent attack vector for enterprises over the next two years.
 
In this webinar, guest speaker Randy Heffner of Forrester and Arxan’s Ken Jochims will discuss how APIs are driving digital innovation, how these changes expand an organisation’s attack surface, and key considerations for API security. You’ll learn:
 
-Common ways enterprises use APIs
-The security risks and attack scenarios APIs face
-The key components to comprehensive API protection
-Why it’s important to incorporate API security as part of DevOps
-How to get started with an API security strategy

APIs, digital transformation and the need for a new approach to security

Connected medical devices are now an integral part of modern healthcare -- from pacemakers and insulin pumps to wearable monitoring devices -- patients rely on these devices to maintain their health. However, persistent and unmitigated vulnerabilities in medical device hardware and applications are putting sensitive protected health information (PHI) and patient safety at risk.  

Potentially compounding these risks is the increase in patient reliance on telehealth and the expansion of employee remote work arrangements. In this webinar, special guest and Forrester Senior Analyst Chris Sherman will discuss the medical device and application cybersecurity risks healthcare companies face, along with the potential impacts to patient safety, data privacy, and device integrity. Arxan Director of Security Engineering Matt Clemens will also share: 

-How to improve patient safety, and prevent theft of sensitive patient information or valuable intellectual property using a layered security approach
-How to protect healthcare applications against reverse engineering using code hardening, obfuscation, and key and data encryption 
-How threat monitoring and alerting counters threats in real-time and enables proactive attack response

Protecting Connected Healthcare Applications and Intellectual Property

What’s standing between many mobile apps and an epic breach? According to new research, about 8.5 minutes.
 
A study conducted by global research and advisory firm Aite Group examined the protective capabilities of 30 different financial services applications found on the Google Play store. Using commonly available software tools, study author and Aite senior cybersecurity analyst Alissa Knight discovered nearly all of the apps could be easily reverse engineered – in less than nine minutes on average – exposing sensitive information such as personally identifiable information, account credentials, intellectual property, QA/test and production API urls, private certificates, and API keys/locations.
 
In this webinar, Knight and Arxan chief scientist Aaron Lint discuss the report findings and share best practices to enhance mobile app protection. You’ll learn:
-Common app vulnerabilities and the sensitive information they can reveal
-Top development mistakes that lead to data exposure
-Strategies for implementing app protection into the software development lifecycle

The Vulnerability Epidemic in Mobile Financial Apps

Web and mobile applications have become the primary customer touchpoint for financial services, payments, hospitality, travel and scores of other businesses. With the increased dependence on applications comes greater opportunity for attacks to expose customer data, sensitive IP, or a roadmap into an organisation’s back-end infrastructure. In 2018 high-profile attacks hit major hotel chains, international airlines and banks, leaving companies in a tailspin to repair customer trust and brand damage. The top two attack methods for such breaches? Software vulnerabilities and web app attacks.
 
Join Arxan Director of Product Marketing Ken Jochims and special guest Forrester Principal Analyst Amy DeMartine to learn how the threat landscape may evolve in 2019, and what you can do to strengthen app security. We’ll cover:
 
-What makes applications inherently insecure
-The anatomy of an application attack (web and mobile)
-How to build your security stack to defend against app level threats

Your App Security Stack: How to Defend Against the Evolving Threat

Web and mobile applications have become the primary customer touchpoint for financial services, payments, hospitality, travel and scores of other businesses. With the increased dependence on applications comes greater opportunity for attacks to expose customer data, sensitive IP, or a roadmap into an organization’s back-end infrastructure. 

In 2018 high-profile attacks hit major hotel chains, international airlines and banks, leaving companies in a tailspin to repair customer trust and brand damage. The top two attack methods for such breaches? Software vulnerabilities and web app attacks.
 
Join Arxan Director of Product Marketing Ken Jochims and special guest Forrester Principal Analyst Amy DeMartine to learn how the threat landscape may evolve in 2019, and what you can do to strengthen your app security posture. We’ll cover:
 
-What makes applications inherently insecure
-The anatomy of an application attack (web and mobile)
-How to build your security stack to defend against app level threats

Piracy, cheating, counterfeiting and other attacks can make or break a game economy. But common game security techniques have a reputation for slowing game performance, hurting user experience and being ineffectual. It puts the burden of security expertise on developers and often disrupts the software development lifecycle, slowing down time-to-market. But it doesn’t have to be this way.

Join Arxan Security Engineer Dave Bott as he shares security strategies to protect your web and mobile games, help you fight back against hacks, cracks, and theft, and maximize revenue, all without compromising performance or slowing time to market. We'll cover: 

-How to defend games against tampering that leads cheating and piracy
-How app hardening and data and key encryption can help prevent content theft and fraudulent licenses 
-The benefits of real-time threat data and how to incorporate it into your security strategy to block and frustrate attackers

Protecting Mobile, PC/Mac and Online Games

Think the attacks that breached two international air carriers’ applications can’t happen to your organisation? If you’re relying on network or device security solutions to protect your apps, you might want to think again.

Web and mobile applications are among the most common weak points in an organisation’s security posture, and that includes financial services institutions. Traditional security measures like firewalls, WAFs or device solutions can’t defend web and mobile apps from reverse engineering or tampering.

To adequately protect APIs, customer data, valuable IP and your backend systems, you need to rethink your security approach. Join Arxan Senior Security Engineer Chris Mizell and Director of Product Marketing Ken Jochims to learn:

-How to protect your mobile and web banking apps with app shielding technology
-How visibility into your app ecosystem can help stop attackers and prevent breaches
-How to implement app protection without getting in the way of your development cycle

Preventing Financial Application Breaches: Why App Security Matters

As connected medical devices become more commonplace, so do the threats of cyberattacks targeting applications that connect to these devices. Inadequately protected apps are vulnerable to reverse engineering and tampering, which can threaten patient safety, expose sensitive data, compromise valuable IP, and result in lost revenue, regulatory and governmental penalties. Traditional perimeter, network or device security methods are not sufficient to prevent these types of attacks. 

Join Arxan to learn how to defend your web and mobile apps, improve patient safety, protect IP, and help prevent data breaches.

Protecting Connected Healthcare Applications from the Inside Out

As connected cars become mainstream, the mobile applications that interact with them continue to evolve and add sophisticated functionality. This creates a growing security risk from vulnerable mobile apps that provide access to a wide range of critical vehicle functionality.

Without intelligently protecting these mobile apps, connected car manufacturers and customers will become targets for cybercriminals looking to take advantage of this new and expanding market.
 
Learn how to protect connected car apps and help prevent reverse engineering attacks with application hardening and real-time threat analytics. In this workshop, you’ll learn: 

-How to reduce the risks associated with unprotected vehicle apps
-How to implement a robust application protection solution without disrupting the software development lifecycle.
-The benefits of real-time threat data and how to incorporate it into your security strategy

Securing Connected Vehicle Applications

Think the attacks that breached two international air carriers’ applications can’t happen to your organization? If you’re relying on network or device security solutions to protect your apps, you might want to think again.

Web and mobile applications are the most common weak point in an organization’s security posture, and that includes financial services institutions. Traditional security measures like firewalls, WAFs or device solutions can’t defend web and mobile apps from reverse engineering or tampering.

To adequately protect APIs, customer data, valuable IP and your backend systems, you need to rethink your security approach. Join Arxan Senior Security Engineer Chris Mizell and Director of Product Marketing Ken Jochims to learn:

-How to protect your mobile and web banking apps with app shielding technology
-How visibility into your app ecosystem can help stop attackers and prevent breaches
-How to implement app protection without getting in the way of your development cycle

Traditional network and app security approaches are no longer sufficient to protect high-value apps running in untrusted environments. Knowing the status of apps running in the wild and whether they are under attack is key to responding to the ever changing threat landscape. Visibility into when, how and from where an attack is happening, and the ability to optimize your response in real time can mean the difference between stopping a threat before it spreads or picking up the pieces after the fact.

In part three of our application security series, we’ll share best practices for app protection and mitigation, plus how Arxan’s comprehensive app protection and alerting capabilities can help prevent reverse engineering, code tampering, IP theft, and help level the playing field with attackers.

Trust But Verify: Mobile App Protection Best Practices - Arxan AppSec Series 3/3

Everyone knows that high-value mobile applications like banking or payment apps can be the gateway to a treasure trove of sensitive information. What most organizations may not understand, however, is just how easy it is to reverse engineer applications after they’ve been deployed to an app store, using freely available tools. In part two of our application security series, Arxan Senior Security Architect Chris Stahly will demonstrate how easily an attacker can gain access to IP, customer data, and even encryption keys if a high-value app is not properly protected. We’ll discuss ways to improve mobile app security, reduce threat response times and minimize the impact of an attack using real-time threat intelligence.

Mobile App Reverse Engineering is easier than you think: Arxan AppSec Series 2/3

What’s standing between many mobile apps and an epic breach? According to new research, about 8.5 minutes.
 
A study conducted by global research and advisory firm Aite Group examined the protective capabilities of more than 30 different financial services applications found on the Google Play store. Using commonly available software tools, study author and Aite senior cybersecurity analyst Alissa Knight discovered nearly all of the apps could be easily reverse engineered – in less than nine minutes on average – exposing sensitive information such as personally identifiable information, account credentials, intellectual property, QA/test and production API urls, private certificates, and API keys/locations.
 
In this webinar, Knight and Arxan chief scientist Aaron Lint discuss the report findings and share best practices to enhance mobile app protection. You’ll learn:
-Common app vulnerabilities and the sensitive information they can reveal
-Top development mistakes that lead to data exposure
-Strategies for implementing app protection into the software development lifecycle

Application Security

Application Vulnerabilities

Threat Detection

Threat Analysis

Secure Development

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

The Vulnerability Epidemic in Mobile Financial Apps

Presented by

About this talk

More from this channel