AppSec EU 2017 The Key Under The Doormat by Stephan Huber and Steven Arzt скачать в хорошем качестве

AppSec EU 2017 The Key Under The Doormat by Stephan Huber and Steven Arzt

How is the reality on Android mobile, password manger applications? Can users really be sure that their secrets are stored in a secure way, even if their device gets lost or stolen? Considering this "lost device" scenario we analyzed 15 of the most popular Android password manager apps based on download count. In our analyses, we tested the apps' resistance against attempts to extract the user's stored secrets and we tried to assess how hard it would be for an attacker to steal the stored secrets. Assuming the correctness of the Android crypto API implementation, developers still can introduce conceptual flaws when using encryption. This can lead to serious vulnerabilities inside the apps. In this talk we will present the most common implementation pitfalls and design failures. We will show that a faulty concept will break the confidentiality even without root privileges. Furthermore we explain countermeasures and best practice approaches to avoid these vulnerabilities. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...