Sec. Dev. & Rock'n'Roll

Talking about Security

Hendrik Pilz

Who am I?

I'm between Security and Developers

Security

It really matters...

Hello Barbie hacked

Picture: Mike Licht CC BY 2.0

Smart doorbell may give Hackers access to WiFi credentials
Baby monitor hacked, baby ranted at

Watch this!

115 batshit stupid things you can put on the internet in as fast as I can go by Dan Tentler

https://www.youtube.com/watch?v=hMtu7vV_HmY

What I want to say

Security people like breaking things (hacking)

Developers like building things (hacking)

Hack yourself first!

What Mobile Devs should know

24.7% of apps include at least one high-risk security flaw

35% of mobile communications are unencrypted

Source: NowSecure Mobile Security Report

What Mobile Devs should know

Even Mobile Security apps have security issues:
(In-) Security of Security Applications

Source: TeamSIK / Fraunhofer SIT

What you can do

Take care of security

Check and contribute: OWASP Mobile Security Project

Reverse your own apps to see what others might see
e.g. with AndroGuard, dex2jar, JD-GUI

Monitor your app's network traffic
e.g. with Wireshark

What you can do

Think twice before you copy'n'paste from StackOverflow

Creating an empty implementation of X509TrustManager did the trick

What you can do

Have a security contact person in your team

Respond to vulnerabilities reported by 3rd parties

By the way

Typosquatting programming language package managers

Recommended Presentations @ Droidcon

Reverse Engineering is not just for Hackers!
by Jon Reeve (Thursday 14:45 to 15:30 @ Stage 1)

May I?
by Sonja Kesic (Thursday 14:45 to 15:30 @ Stage 2)

Building simple and secure Account Systems on Android
by Steven Soneff (Friday 11:45 to 12:30 @ Stage 1)

Security at your Fingertips - A Dive into Marshmallow's new Fingerprint and Keystore APIs
by Frederik Schweiger (Friday 16:45 to 17:30 @ Stage 1)

Thank you!

@HendrikPilz

www.hepisec.de

This presentation is available at
https://www.hepisec.de/droidcon-berlin-2016/