Community Leader Devs+502 & JDuchess Chapter Guatemala Ex-JUG Member Guatemala Java Users Group (GuateJUG) Chief Technology Officer (CTO) at Produactivity Full Stack Developer
Mercedes Wyss @itrjwyss
Auth0 Ambassador & Oracle Developer Champion
Security is a Team Effort
Free Hamburgers
Once upon a time…
Once upon a time…
Free Hamburgers
What could go wrong?
What could go wrong? •
Layalty Programs are a Marketing Strategy
•
Don’t represent a loss for the company
BUT
•
They started to lose money for the Loyalty Program
What could go wrong? •
Layalty Programs are a Marketing Strategy
•
Don’t represent a loss for the company
BUT
•
They started to lose money for the Loyalty Program
What was wrong?
What was wrong? GET http://AmazingHamburguers.com/addPoints?user=qwer&code=7834
GET http://AmazingHamburguers.com/register? [email protected]&password=q1w2e3r4t5y6
GET http://AmazingHamburguers.com/login? user=qwer&password=q1w2e3r4t5y6
What was wrong? Exposed Params
GET http://AmazingHamburguers.com/addPoints?user=qwer&code=7834
HTTP Method
GET http://AmazingHamburguers.com/register? [email protected]&password=q1w2e3r4t5y6
SSL/TLS Absence
GET http://AmazingHamburguers.com/login? user=qwer&password=q1w2e3r4t5y6
What was wrong? •
Emails, Password and Codes were exposed
•
A company lost money
•
Someone lost his job
How to solve this issue?
How to solve this issue? •
Use an information exchange protocol, like JSON
•
Use a different HTTP Method than GET, like POST
•
Use SSL/TLS certificate
How to solve this issue? •
POST https://AmazingHamburguers.com/ addPoints? { “user”:”qwer”, “code”:7834 }
How to solve this issue? •
POST https://AmazingHamburguers.com/ addPoints? { “user”:”qwer”, “code”:7834 }
With SSL/TLS Will travel encrypted
Human Verification
reCAPTCHA
Create the Site
Create the Site
Adding Dependency
reCAPTCHA SafetyNet.getClient(this).verifyWithRecaptcha("6LdDHU8UAAAAAK6y7GYEPQH8_svKQfQmFvk_c6pA") .addOnSuccessListener(this) { response -> if (!response.tokenResult.isEmpty()) { Log.d(TAG, "TokenResult: " + response.tokenResult) } } .addOnFailureListener(this) { e -> if (e is ApiException) { Log.d(TAG, "Error message: " + CommonStatusCodes.getStatusCodeString(e.statusCode)) } else { Log.d(TAG, "Unknown type of error: " + e.message) } }
reCAPTCHA SafetyNet.getClient(this).verifyWithRecaptcha("6LdDHU8UAAAAAK6y7GYEPQH8_svKQfQmFvk_c6pA") .addOnSuccessListener(this) { response -> if (!response.tokenResult.isEmpty()) { Log.d(TAG, "TokenResult: " + response.tokenResult) Verify the result } } .addOnFailureListener(this) { e -> if (e is ApiException) { Log.d(TAG, "Error message: " + CommonStatusCodes.getStatusCodeString(e.statusCode)) } else { Log.d(TAG, "Unknown type of error: " + e.message) } }
reCAPTCHA
reCAPTCHA
reCAPTCHA
reCAPTCHA
“Convenience Over Security”
What was wrong?
•
Was storing data about users in plain text and locally on a device (public access)
•
Emails, Passwords and geolocation data
What was wrong?
• •
Public Access
Was storing data about users in plain text and locally on a device (public access)
Unencrypted Emails, Passwords and geolocation data
Data
How to solve this issue?
How to solve this issue? •
Save the information so that only our application has access to it.
What could go wrong? { "accountName":"Mercedes Wyss", “accountNumber":"1234567890" } { "accountName":"5cPRRpp/bUkcnNZ6CZ6efg==", “accountNumber":"yPGQm/a6y1My3IBHnpQEVA==" }
What could go wrong? { "accountName":"Mercedes Wyss", “accountNumber":"1234567890" } Unencrypted and Encripted values
Is it better for mobile apps to be easy-to-use, or secure? - GitHub
Page 1. A More Secure World for Apps. Page 2. Mercedes Wyss. @itrjwyss. Community Leader. Devs+502 & JDuchess Chapter Guatemala. Ex-JUG Member. Guatemala Java ..... Page 79. JSON Web Encryption. ⢠The JWE Protected Header. ⢠The JWE Encrypted Key. ⢠The JWE Initialization Vector. ⢠The JWE ...
rity challenges [Chess, 1998]. Among these are ... Agent Places: an agent place is a server appli- cation where ..... Internet Computing, pages 40-48. [Yee and ...
autonomous agents to roam around virtual stores and find desired products ... (owner) wants to send an agent to a virtual store ..... S. M., and Buttyan, L. (2000).
it is doubtful that any meaning can be attached to the supposition that I should possess the internal ... And we know that while it includes an enormous amount of ...
This review of rat sensory perception spans eight decades of work conducted across diverse research fields. It covers rat vision, audition, olfaction, gustation, and somatosensation, and describes how rat perception differs from and coincides with ou
What is it like to be a bat http://members.aol.com/NeoNoetics/Nagel_Bat.html. 2 of 9. 20/04/2004 16.12 be ascribed to robots or automata that behaved like ...
Aug 26, 2013 - She offers two reasons in support of THV. The first concerns truth. ...... Cheshire Calhoun (Ed.), Setting the Moral Compass: Essays by. Women ...
not quasiconcave (nor are they quasiconcave along the diagonal of square). ..... his payoff, contradicting the equilibrium hypothesis and completing the proof.
good analysis is performed in every technique ... In an email thread conversation between Martin Burns and Joshua Arnold, the suggestion of making Time ...
... the most known external localization reference is GPS; however, it ... robots [8], [9], [10], [11]. .... segments, their area ratio, and a more complex circularity .... The user just places ..... localization,â in IEEE Workshop on Advanced Robo
Manhood: How to Be a Better Man or Just Live with One
Download at => https://pdfkulonline13e1.blogspot.com/0804178054
Manhood: How to Be a Better Man or Just Live with One pdf download, Manhood: How to Be a Better Man or Just Live with One audiob
Sep 24, 2014 - DTI / Titolo principale della presentazione. 11 ottobre 2014. 3. IPHONE ENCRYPTION. â Data Protection. â File System Encryption. SECURE ENCLAVE (5S). UID (256 bit) http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf
In mobile ad hoc networks (MANETs), multi-hop mes- sage relay is the common way for nodes to communicate and participate in network operations, making ...
including Android, iPhone®, iPad®, BlackBerry® and Windows Phone®. ... iPhone, iPad, or Android phone or tablet. May. 6. A. B. C. D. E. F. 7. 8. 9. 10. June.
9. 10. June. July. Aug. Sept. $2,000. Ariel Watkins. Resolve. $17 ... meetings right to your laptop, phone or tablet so you can join from anywhere. Invite up to 15 ...
including Android, iPhone®, iPad®, BlackBerry® and Windows Phone®. ... iPhone, iPad, or Android phone or tablet. May. 6. A. B. C. D. E. F. 7. 8. 9. 10. June.
âteamâ feeling that drives them. together in learning. Many of the games in this. section of the book are. language learning games. These games are designed to. practice and deepen our. knowledge. The exciting. situation of a game makes the. mind
Chrome52 on this Laptop. » ~14kbyte. String => 133ms ... 3-4 Seks processing time on samsung galaxy S5 with crosswalk to finish the transition with ... Page 17 ...
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. creating mobile ...
![Read [PDF] Manhood: How to Be a Better Man or Just Live with One Read online](https://p.pdfkul.com/img/300x300/read-pdf-manhood-how-to-be-a-better-man-or-just-li_5b39c8221723ddb2ac74efb0.jpg)
