Android Application Security: Hacking and Defending Mobile Apps
Mobile applications handle our most sensitive data – phone calls, SMS, geographic locations, financial information… the question is – can we really tell they’re secure? Who can assure us that they are not being spied upon? Can they be abused?
Erez Metula, world-renowned application security expert, industry speaker and author of "Managed Code Rootkits", will answer these questions, focusing on Android mobile applications and their common vulnerabilities.
This session will be all about the security of Android applications, how they can be hacked, the common mistakes developers make, and how they can be avoided.
Recorded Sep 16 2014, 48 mins
Cyber Threats have changed drastically over the last three decades. From being a nuisance, they have evolved into:
1. A financial instrument for Cyber Attackers, with ransomware being the primary tool in attackers’ arsenal
2. A tool to sabotage operations or exfiltrate sensitive information, using sophisticated attack techniques known as Advanced Persistent Threats (aka APTs)
Attack groups behind APTs are highly sophisticated and well-funded. This enables them to invest heavily in reconnaissance & design attacks before launching them against the intended target. Because of this elaborate planning & inherent complexity, such attacks are extremely hard to detect & protect against. As more & more critical infrastructure systems have started utilizing digital technologies, the risk posed by APTs has gone up substantially.
In this presentation we will discuss:
• What are APTs
• Example of APT attacks
• APT attacks against Operational Technology
• How to safeguard
It is Cisco’s purpose to power an inclusive future for all. This begins in the workplace with a culture that fosters diversity and inclusion. Join us on November 09, 2021, to hear about the role of male allies in helping to foster an environment of diversity and inclusion.
The Cyber Table Top (CTT) process was developed in 2014 to support DoD customers who were overwhelmed by the sheer number of findings produced by traditional cybersecurity scanning tools and checklist processes. These tools and processes identify a very large number of possible vulnerabilities for a system but don’t provide context for which vulnerabilities might truly lead to potential mission failure. Since budgets are limited, customers need methods of focusing on the most critical vulnerabilities which present the highest risk to their systems. The CTT process is focused on producing actionable cyber vulnerability data in an approachable risk matrix format to enable teams to focus resources. CTTs bring together system developers and maintainers, system users, and expert red teams to execute a multi-day wargame that focuses on the security evaluation of threats that would deny, degrade, disrupt or destroy a system and prohibit users from accomplishing their core mission. By assessing the potential mission impact of vulnerabilities as well as their likelihood/difficulty, it provides a way to understand the relative risks of various vulnerabilities and focus the remediation efforts. The CTT process has been used to support DoD system cyber security evaluations in various lifecycle stages from design through long-term maintenance. It has been used to identify and mitigate threats that later were witnessed “in the wild” and caused significant negative impacts to other systems. It has become so popular that an official DoD Guidebook and training course were developed in 2018.
Diversity and inclusion in the technology industry and workforce do not happen overnight. Hear from trailblazer Michele Guel, who helped pave the way for future generations of women to get involved in technology and cybersecurity. Learn how Michele’s career began, what the technology culture and landscape were like when she started in her career (the hurdles, hoops, and wins); and how to start and stay in cybersecurity, including today’s challenges and career outlook for women in the technology industry.
Irwin Lazar, President and Principal Analyst, Metrigy
The world of work has shifted as now more employees work remote than are in the office. Succeeding in this new paradigm requires a proactive strategy to ensure that employees have the right apps and devices, and that IT is equipped to support the virtual office as it supports the physical office. In this webinar, Metrigy President and Principal Analyst Irwin Lazar will share the latest research into how organizations equip and manage remote employees to ensure collaboration success.
He'll answer questions including:
How to ensure high quality voice and video performance from anywhere?
What devices to provision, and how to manage them?
What role should IT play in equipping and managing remote employees?
How to ensure security of applications, regardless of location?
How to ensure collaborative culture for in-office, remote, and hybrid employees?
What applications are required beyond messaging and video?
An ethical hacker’s view of the modern corporate network: a look at how effective different network hardening methods have been in keeping hackers out, from someone who breaks in for a living. In this talk we’ll look through different methods for securing your networks regardless of where your staff are located – and how to test to see if it’s all working.
How to harden systems effectively
Practical steps to protect networks (it’s not all patching, passwords, and perimeters!)
Alternatives to traditional security testing methods
Jordan M. Schroeder, Managing CISO, Barrier Networks
Organizations experienced a massive shift in how they operated when the pandemic sent them into initial lockdown. Longstanding digital transformation plans suddenly kicked into high gear, and we've been "staying the course" ever since. However, everything is likely about to change again, and planning for what's next might be a bigger challenge than we realise due to "perfect uncertainty."
In this talk, CISO Jordan Schroeder will cover:
The challenges we should be ready for,
How to devise a strategy to prioritise those challenges, and
Specific risks to consider as we emerge from a pandemic.
Mathieu Gorge, CEO, VigiTrust, and author of The Cyber Elephant in the Boardroom
This talk will discuss the new working habits emerging post-pandemic and cover the key risks associated with today’s enterprise ecosystem. It will explain what the board of directors, C-suite and other key stakeholders need to consider when designing and maintaining their security strategies. Mathieu will provide a mix of strategic, technical and operational advice to make it all work for your organization.
Audience members will learn about:
Post-pandemic working habits and how they disrupt the traditional IT ecosystem
New risks that come with new working habits
Cyber accountability and why it matters
Global privacy frameworks and how to choose one
Making cybersecurity a continuous measurable process
Gartner’s 2019 Architecture on the Secure Access Services Edge (SASE) set the stage for closing the gaps in security created by the distributed environment created with the deployment of Wide Area Networks over public infrastructure (created with IPsec and SD-WAN). This was underlined and emphasized with Forrester’s 2021 paper on the Zero Trust Network Edge. The Forrester paper also directed Enterprises to merge their networking and security teams or ‘Sunset Your Business’. While one could view this statement as hyperbole, in reality it does not go far enough.
• IT silos complicate security and network connectivity
• The Zero Trust Architecture (ZTA) requires a risk based approach to protecting data and this involves new ways of thinking about identity, privileged access, segmentation and defense
• Enterprises need to migrate to an ‘All of Enterprise’ approach to security and this will involve more than just the network and security teams
• IT Culture will need to change and we will explore how to solve both the organizational and technological issues facing Business and IT Leaders today
Secure Access Service Edge (SASE) has quickly become part of the day-to-day lexicon. But questions abound:
What exactly is SASE?
Will it make enterprise data more secure?
How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? How do SASE frameworks compare to traditional network protection, such as Secure Web Gateway, Next-gen Firewalls, Remote Access, and DLP?
This session breaks down the components of SASE and makes sense of practical implementation in a current technology stack.
SASE is a relatively new networking security architecture that has become incredibly popular as a result of the growth of work-at-home and cloud computing. The network security components are well understood. The ability to provide zero trust using SASE is being established. Additionally, many vendors are working to enable SASE capabilities. However, SASE includes so much more. The session will provide the listener the following information on how to provide additional security flexibility within a SASE environment:
Where SASE is strong and areas where greater security flexibility is required;
How SASE is made stronger with Browser Isolation, Web API Protection and Data Security;
Specific capabilities that allow SASE to foster data loss prevention; and
A perspective on how to incorporate flexibility into SASE efforts.
The pace of emerging technologies has increased significantly, challenging individuals to maintain knowledge of relevant skills and Business Areas to staff programs with the appropriate level of engineering skills needed for optimum performance on contract in a timely manner. Develop strategies that enable a proactive rather than reactive approach, allowing engineers and organizations to stay ahead of the curve to optimize on contract performance and be prepared for future work. Learn about different engineering shapes to determine which shape is most appropriate for you and /or your organization. Broaden your horizons and explore available options that can be used to develop a Personal Development Plan that includes learning new skills and gaining experience using these skills. Don’t miss opportunities – stay ahead of the curve!
Pam Sheary is a Lockheed Martin Fellow with 30+ years of software and systems engineering experience in the Department of Defense (DoD) industry, including 12 years managing International software development efforts. She continues to serve as the Chief Software Engineer on very large government contracts. Pam is a recognized technical leader within Agile / DevSecOps, Quantitative Management, and Risk and Opportunity Management. Pam’s work to establish Enterprise-level Code Quality has been leveraged across various government agencies. Prior to joining Lockheed Martin, Pam served in various Software and Systems engineering roles developing and testing software embedded systems and application development tools with geographically dispersed teams. Pam earned a bachelor’s degree in Computer Science & Mathematics from the University of Pittsburgh with continued graduate studies in Computer Engineering and Web Design /Accessibility. She holds several certifications, including the Scaled Agile Framework (SAFe®) and SAFe® for Government.
Ashwin Pal | Partner, Cyber Security and Privacy Risk Services | RSM Australia Pty Ltd.
It is now widely known that SMBs are a key target for cyber criminals. They are now seen as the ‘low hanging fruit’ as SMBs generally cannot afford the same investment in cyber security initiatives when compared to larger firms. Unfortunately, as far as the cyber criminals are concerned, anyone on the internet is fair game. Unlike their larger counterparts, a cyber attack on an SMB can be very debilitating and can even cause the business to shut down. SMBs face their own unique challenges when it comes to defending against cyber-attacks. Within this presentation, you will hear about how the Invictus Games in Sydney in 2019 was secured using minimal funding and time as a case study. We will then explore some of the unique challenges faced by SMBs when it comes to cyber security. We will look at how focusing on your core business and risk management helps direct efforts to the right places in a cost effective manner. We will then explore what a typical attack looks like and discuss the basics that need to be covered to provide an SMB with an ability to defend itself from cyber-attacks while avoiding overspend.
Alexis Robinson, Olivia Liddell, Janeen Morehead and Nafi Diallo
Imposter syndrome often involves experiencing feelings of inadequacy and insecurity, particularly in the workplace. In this session, you will learn about imposter syndrome from the perspectives of four Black women in tech. This includes how to recognize imposter syndrome and actionable strategies that you can take to help you overcome it.
Cloud is where our data lives, where code resides, applications run, and decisions are made. With this huge responsibility placed on Cloud, it becomes a rich target for attackers to mine private data, insert malware into code or applications, as well as influence the decisions. This talk will provide an overview of cloud security, with an emphasis on secure design leaning on core building blocks such as Identity Management, storage security, and key management.
On Tuesday 12th October at 13:00 BST, Dan Norman, Senior Solutions Analyst at the ISF, will be discussing Human-Centred Security and how to effectively manage behaviour.
In this session we will be addressing:
- The vulnerabilities in human behaviour that make them susceptible to manipulation
- The key factors that influence security behaviour
- Strategies and initiatives to protect the workforce and to effectively manage security behaviour.
Dan Norman is a Senior Solutions Analyst at the ISF, helping ISF Members to manage current and emerging information/cyber risks. Dan’s historical focus has been on threat intelligence and technology forecasting, with emphasis on running cyber security exercises to prepare organisations for future threats. Dan is also the lead author of the human-centred security research series, which leverages psychological theory to understand manipulative attack techniques and identifies how weaknesses in the human mind can lead to security incidents.
Peter Wood, Partner and Lead Consultant, Naturally Cyber LLP
Most security awareness training fails.
Typically, it’s boring, condescending or wrong, and sometimes all three. This webinar has a different approach: calling on principles from sales and marketing, ethical hacking, education theory and creative writing. Learn how your awareness training can generate empathy, tension and emotional investment, enticing your audience to keep watching. Many people prefer reading fiction to academic papers, as humans are naturally drawn to stories.
An engaging, relevant narrative will transform your awareness training from boring to captivating, changing the way your audience thinks and even behaves.
In recent times, dealing with insider threats has become one of the critical aspects of protecting IT assets of any organization. Traditional security measures tend to focus on external threats and are not necessarily capable of identifying an internal threat. As a result, when it comes to data breaches, around 50% of them have been, directly or indirectly, caused by insiders! In fact, it would not be an overstatement to claim that insider threats are a bigger danger to organizational security than any external threats.
Insiders have legitimate access to the company’s network and sensitive data, so it is difficult to identify intent behind accessing that sensitive information. This makes it easy for an Insider to leak the data, either with malicious intent or just by carelessness.
In this session, we will cover:
- What is Insider Threat?
- Types of Insider Threats.
- Insider Threat examples.
- How to protect against an Insider Attack
5G IoT is the latest in the IoT World. This next generation of mobile technology, with features such as Enhanced Mobile Broadband, Ultra-Reliable Low Latency Communication, and Massive IoT, is set to radically re-shape today’s mobile networks. This webinar aims at depicting the high-level composition of the end-to-end 5G network architecture termed as 5GS (5G System) and Security in this space.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
Android Application Security: Hacking and Defending Mobile Apps. Erez Metula, Application Security Expert. Author of the book "Managed Code Rootkits". Founder of AppSec Labs. 47 mins