PPT-BDD Mobile security testing with OWASP MASVS, OWASP MSTG and Calabash

Author : giovanna-bartolotta | Published Date : 2018-03-11

About Me (whoami): Davide Cioccia, Security Engineer, ING Bank NL. Italian living in the NL. 7 years security experience. Security magazines and OWASP MSTG contributor.


BDD Mobile security testing with OWASP MASVS, OWASP MSTG and Calabash: Transcript


About Me (whoami): Davide Cioccia, Security Engineer, ING Bank NL. Italian living in the NL. 7 years security experience. Security magazines and OWASP MSTG contributor. Focus: Mobile application security.
