Hi [[ session.user.profile.firstName ]]

Seven Ways to Hang Yourself with Google Android

According to Google, Android was designed to give mobile developers "an excellent software platform for everyday users" on which to build rich applications for the growing mobile device market. The power and flexibility of the Android platform are undeniable, but where does it leave developers when it comes to security? In this talk we discuss seven of the most interesting code--level security mistakes we've seen developers make in Android applications. We cover common errors ranging from the promiscuous or incorrect use of Android permissions to lax input validation that enables a host of exploits, such as query string injection. We discuss the root cause of each vulnerability, describe how attackers might exploit it, and share the results of our research applying static analysis to identify the issue. Specifically, we will show our successes and failures using static analysis to identify each type of vulnerability in real-world Android applications.
Recorded Dec 7 2011 45 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Katrina O'Neil, Security Research Group, HP Enterprise Security Products
Presentation preview: Seven Ways to Hang Yourself with Google Android

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Hunting for Security Threats: Best Practices Apr 4 2017 5:00 pm UTC 45 mins
    Mary Karnes Writz, Head of Applied Innovation, HPE Security Professional Services
    Have you been planning on establishing hunting capabilities but just can’t seem to get it started? Check out this webinar to gain a clearer understanding on hunt teams and their effectiveness.

    This webinar will deep dive into successes and most importantly lessons learned from Hewlett Packard Enterprise’s own journey with leveraging emerging capabilities and hunting techniques with customers. From solving data ingestion challenges to detecting bank heists, learn from HPE’s years of building hunt teams.

    Get a broader view of the ecosystem of breach hunting technology so you can execute your own successful hunt strategy.
  • How to automate security investigation and remediation for real time response Mar 29 2017 4:00 pm UTC 60 mins
    Barak Klinghofer, Co-Founder and CPO, Hexadite and Steven Forsyth, RnD Manager, HPE Security ArcSight
    The effectiveness of a security system depends on how quickly it detects and responds to threats. Is your security system able to tackle security challenges in near real time, while reducing false positives so analysts can focus on critical events and Indicators of Compromise (IOCs)?

    HPE Security ArcSight ingests large volumes of security events and correlates against IOCs in real time to identify potential threats. Hexadite Automated Incident Response Solution (AIRS) takes these security alerts in real time and performs investigation and remediation at scale.

    Learn how the combination of these two systems gives you the ability to:
    • Gain visibility across the entire IT footprint
    • Detect security threats in real-time
    • Automate incident investigation
    • Perform automated or semi-automated remediation actions
  • Key Findings from the 2017 State of Security Operations Report Recorded: Jan 25 2017 34 mins
    Kerry Matre, Director, Security Portfolio Marketing, HPE
    Taking your Security Operations Center (SOC) to the next level has never been more critical. Organizations around the globe are investing heavily in cyber defense capabilities to protect their most critical assets. Don’t miss this webinar to explore key findings from the 2017 State of Security Operations report on cyber defense organizations’ capabilities and maturity.

    Learn what the most successful SOCs in the world are doing right, regional trends in the maturity of cyber defense capabilities and best practices to apply within your organization. Get the latest information on:

    • Opportunities in automation
    • Threat hunt teams and whether they are working
    • New compliance regulations impacting SOCs

    Register now and gain insight on the next steps your business can take to mature security operations in 2017.
  • Why you need to adopt an open architecture to secure your business Recorded: Jan 24 2017 45 mins
    Paul Brettle, ArcSight Architect, HPE Security
    With more security threats than ever before, organizations are looking to new ways to secure, manage and monitor their environments. The cost and scope associated with this issue are huge. Security environments have traditionally been closed, sealed and ‘secured’ by nature; but as organizations look to solve problems, they are embracing the idea of adopting open standards and architectures.

    By embracing new, innovative and open standards, security organizations can look to solve complex problems in a modern new way. Explore how you can expand and grow your capabilities with simplicity, and more importantly in a predictable and cost-effective way.

    This webinar will cover the evolving approach to help you solve security issues with modern open architecture solutions. Using the right approach and the right technologies are important to addressing requirements of log data storage, analysis, analytics and advanced security monitoring. Learn why integration is key and where ArcSight comes in.
  • Best Practices for Securing your DNS against Advanced Malware Recorded: Jan 19 2017 44 mins
    Chip Mesec, Product Manager and Sam Pierre, Product Marketing Manager, Hewlett Packard Enterprise
    The challenge with detecting malware is that it easily gets past traditional security solutions, placing your DNS infrastructure in harm’s way before you even notice it’s there. Hear how DNS operates and malware utilizes the DNS protocol to communicate with outside threats and exfiltrate data from an enterprise.

    This webinar is ideal for IT and security managers who have limited experience with DNS or malware but are interested in how threats use this often overlooked protocol.

    Viewers will learn:
    •Practical strategies to protect your enterprise from bad DNS traffic
    •Best practices for securing your DNS infrastructure
  • Beat Hackers Through Visibility, Precision and Quick Response Recorded: Jan 17 2017 40 mins
    Travis Grandpre, HPE Director of ArcSight Product Marketing and Justin Kelso, HPE ArcSight
    As organizations scale, having a robust security posture is critical. To achieve this, organizations rely on intelligent security operations. Visibility plays a crucial part in this. This means having visibility across boundaries, not just across networks and IT, but also into operational data and IoT devices.

    Join this presentation to learn:

    •What's needed to enable visibility into millions of events per second
    •How to provide context to the collected data
    •Role of machine learning in real-time correlation and analytics
    •How to prioritize security analyst tasks, optimize resources and save time

    Discover the capabilities powering intelligent security operations that enable you to track alerts and investigate threats at the speed of the attacker.
  • The Fortify Ecosystem: Seamless integration into the development toolchain Recorded: Jan 12 2017 39 mins
    Scott Johnson, Director of Product Management, Fortify
    Organizations moving at DevOps speed can easily integrate security testing into their Software Development Life Cycle (SDLC) workflow. Join this presentation to discover how built-in application security testing can become a seamless part of your coding process.

    Viewers will learn:

    - How integrations spanning all stages of development, deployment and production enable application security testing into the development tool chain

    - How to empower your developers to test for security vulnerabilities earlier, build better code and secure your software
  • Powering HPE Security ArcSight with Innovations in Connectors Recorded: Dec 16 2016 42 mins
    Farid Merchant and Bhuvana Krishnamurthy, HPE
    Connectors sound like a simple way of getting data from point A to point B. But that understates the tremendous power built into and delivered by connectors. This technical webinar discusses innovations in connectors to help customers detect threats originating from their cloud apps such as Office365, AWS and Box. Get an introduction to Quick Flex, the next-generation parser creation tool that makes connector upgrades quick and easy. Learn about the separation of the parser from the framework and its availability on HPE Security ArcSight Marketplace.
  • Hunting for Security Threats – Lessons Learned Recorded: Dec 14 2016 35 mins
    Mary Karnes Writz, HPE
    Have you been planning on establishing hunting capabilities but just can’t seem to get it started? Check out this webinar to gain a clearer understanding on hunt teams and their effectiveness. This webinar will deep dive into successes and most importantly lessons learned from Hewlett Packard Enterprise’s own journey with leveraging emerging capabilities and hunting techniques with customers. From solving data ingestion challenges to detecting bank heists, learn from HPE’s years of building hunt teams. Get a broader view of the ecosystem of breach hunting technology so you can execute your own successful hunt strategy.
  • Discover the Spin-Merge Benefits to our Enterprise Security Software Portfolio Recorded: Nov 18 2016 49 mins
    Sue Barsamian, SVP and GM, HPE Security Products and Chandra Rangan, Vice President, Marketing, HPE Security Products
    Get your questions answered and hear how the Spin-Merge benefits our abilities to deliver software for your security needs.

    On September 7, Hewlett Packard Enterprise announced plans for a spin-off and merger of our Software business unit with Micro Focus, a global software company dedicated to delivering and supporting enterprise software solutions. The combination of HPE’s software assets with Micro Focus will create one of the world’s largest pure-play enterprise software companies. We will remain focused on helping you get the most out of the software that runs your business.

    Join two of our HPE Software Enterprise Security leaders to hear firsthand about the recently announced spin-merge. Gain direct insight into what it means for you. This is a big opportunity for us to deliver even more of the Application Security, Data Security & Encryption, and SIEM organizations depend on in our fast moving world. Hear about our security portfolio strategy. Bring your questions and join us on this accelerated journey to success.
  • Digitally Transform with Confidence Recorded: Jul 6 2016 23 mins
    Sue Barsamian, SVP and General Manager HPE Security Products
    In today’s increasingly connected digital world, your organization needs to adapt to how employees and customers want to use IT to do business. But to embrace innovative IT with confidence, you must protect against the threats that target people, the applications they use, and the devices and data they access. In this session, we will share how building security into the fabric of your IT infrastructure, together with giving Security Operations the tools to address threats intelligently, will enable you to power your business forward with confidence.
  • Emerging Trends in Incident Response Recorded: Jun 29 2016 66 mins
    Matt Bromiley, SANS & Mark Painter, HPE Security
    The third annual SANS survey on incident response will look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. The survey report and webcast will also look at key takeaways and recommendations for practitioners and management.

    In this session, we will look at emerging trends in addition to survey results. Attendees will learn:

    How integrated incident response tools are in the typical organization
    What impediments hamper effective incident response
    How budget allocations are projected to change over the next 12 months
    Improvements planned in the next 12 months
  • Enterprise Security: Are you wasting your money? Recorded: Jun 14 2016 43 mins
    Kerry Matre, Senior Product Marketing Manager, HPE Security & Christian Christiansen, Vice President Security Products, IDC
    Disrupt Business of Hacking

    Enterprises spend millions protecting themselves from adversaries and attempting to reduce their risk. Are their investments paying off? Hear from industry expert Chris Christiansen what organizations are doing to effectively make themselves less of a target for cyber criminals and how some enterprises make themselves an easier target for their adversaries. Gain insights on how these tactics have evolved over time and get a glimpse of what the future holds.
  • Converged Security - Protect your Digital Enterprise Recorded: May 24 2016 50 mins
    Gerben Verstraete, HPE, John Kindervag, Forrester
    Join Forrester and HPE Experts discussing why enterprise investments in security aren’t having the desired impact due to reliance on point solutions and treating security as a silo, overlay function. Find out more about how Converged Security can help overcome these challenges:

    A use-case driven approach enhancing current security practices
    Integrates with existing security methods, creating a ‘security-by-design’ solution
    Uses end-to-end collaboration to embed security throughout the IT service value chain
  • Recognizing the Collective Risk, HPE 2016 Cyber Risk Report Recorded: May 17 2016 61 mins
    Jewel Timpe, Senior Manager at HPE Security Research
    In a world where all devices now have global reach, risk is no longer contained to just one organization. Breaches now have collateral damage and legislation threatens security practitioners in unintended ways. Just as attackers continue to evolve their techniques, defenders must accelerate their approach to detection, protection, response, and recovery as we move into the concept of the digital enterprise.

    Jewel Timpe, Senior Manager at HPE Security Research, will highlight our unique perspective on the attack surface. Drawing from the latest findings from the 2016 Cyber Risk Report, this session will provide critical guidance on responding to changing technology, impending regulatory changes, and reducing security threats in an interconnected world.
  • Threat Hunting: Open Season on the Adversary. Part 1 - Threat Hunting 101 Recorded: Apr 25 2016 62 mins
    Mark Painter, HPE Security Evangelist
    Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.

    In Part 1 of the webcast, attendees will gain insight into:

    What threat hunting entails
    What pitfalls stand in the way of attaining actionable results
    What organizations are discovering through threat hunting
  • Gamification of a Fortune 20 SOC Recorded: Apr 11 2016 61 mins
    Marcel Hoffmann and Josh Stevens
    Many Security Operations Centers (SOCs) struggle in 3 key areas when it comes to personnel: continuous training, extending retention and measuring effective KPIs. In this talk we introduce the combination of gamification, user experience and machine learning as a concept to address these 3 challenges. We plan to share our real world experience implementing these concepts for the internal SOC at Hewlett Packard Enterprise.
  • Data-centric Security Enables Business Agility Recorded: Mar 30 2016 31 mins
    Farshad Ghazi, Global Product Management, HPE Security – Data Security
    Data security is one of the most challenging areas facing IT across consumer-transacting businesses today. The mega-breaches in the news are not physical and traditional perimeter security is insufficient. Instead, cyber criminals steal business-critical and customer-confidential data through malware, hacking and attack vectors that exploit security gaps throughout the extended digital enterprise.

    The good news is there are standards-based, innovative data-centric technologies that protect sensitive data at rest, in motion and in use. Most important, implementing a data-centric security program does not hamper your organization’s ability to access, move, analyze, and use your data across platforms, to enable business success. CISO’s can mitigate risk while saying ‘yes’ to the business.

    Attend this session to gain a deeper understanding of how to get ahead of rapidly evolving cyber-threats to secure sensitive customer and corporate data across your ecosystem.
  • Cybercriminals – The Unaddressed Competition Recorded: Mar 28 2016 30 mins
    Kerry Matre, Sr. Manager, HPE Security
    We often hear that cyber criminals are sophisticated and that they are organized. But what does that mean exactly? What does it mean to our organizations? Hear how HPE is digging into the world of cyber-criminals to understand it and to disrupt it. See how these businesses are organized and when we look closely, see how they look a lot like our businesses. With a value chain that includes finance, marketing, customer and even legal functions, our approach to adversaries’ shifts from one that is basic and rudimentary to one that recognizes these organizations as competitors. We can begin to take these competitors into account when planning for future business innovations. Learn about the most valuable hacking business types, their motivations, and the weaknesses of this underground marketplace so that you can most-effectively protect your enterprise against these adversaries.
  • Best Practices to Stop Data Breaches in 2016 Recorded: Mar 16 2016 64 mins
    Albert Biketi, HPE Security – Data Security; Steve Schlarman, RSA; Charles H. “Hank” Thomas, Booz Allen Hamilton
    In 2015 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
    Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
Leading Security Intelligence & Risk Management Enterprise Platform
HPE is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products, the HPE Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and data security & encryption technology to protect today’s applications and IT infrastructures from sophisticated cyber threats. Visit HPE Enterprise Security at: www.hpe.com/security

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Seven Ways to Hang Yourself with Google Android
  • Live at: Dec 7 2011 7:00 pm
  • Presented by: Katrina O'Neil, Security Research Group, HP Enterprise Security Products
  • From:
Your email has been sent.
or close