【Javier Cuesta Gómez】Android Security Enforcement

2020-02-27 54 views

  • 1. Android security enforcements
  • 2. Hello DroidCon! Javier Cuesta Gómez, Android Engineering Manager @Grab
  • 3. Android 2017 security: 450 reports, $1.1 payout. The most difficult OWASP security risks: unintended data leakage 65%; weak server side controls 62%; client side injections 60%; poor authorization and authentication 50%; insufficient transport layer protection 47%
  • 4. Main vulnerable code reasons: 1 Rush to release; 2 Accidental coding errors; 3 Lack of policies and requirements
  • 5. ANDROID
  • 6. SOFTWARE ARCHITECTURE. Android application perimeter, with SECURITY cutting across every layer: PRESENTATION (information, display); DOMAIN (business logic, calculations); DATA (database, messaging systems)
  • 7. SECURITY ENHANCED ARCHITECTURE. Android application perimeter: SECURITY (threat prevention, authentication, authorisation, SLA); PRESENTATION (information, display); DOMAIN (business logic, calculations); DATA (database, messaging systems)
  • 8. ANDROID O - PROJECT TREBLE: Android Apps; CTS; Developer API; Android OS framework; VTS; Vendor Interface; Vendor implementation
  • 9. CODE, DATA, COMMS, ROOT
  • 10. Enforce security... in your code
  • 11. REVERSE ENGINEERING: extracting knowledge or design information from anything man-made. ● Download APK from black markets (APK Mirror) ● Use reverse engineering tools (Apktool) ● Knowledge taking: ○ Consumer basis: analysing and understanding behaviour ○ White hat: