Several frameworks have been proposed to evaluate the security of biometric systems. Popular ones include the simpler Ratha’s framework [1] and the enhanced Bartlow and Cukic framework [2]. To employ these frameworks to evaluate iPhone X’s biometric security, we need a lot of data points that we don’t have yet. We won’t speculate on the […]
Continue Reading...
Posted in Mobile Application Security | Comments Off on iPhone X Face ID: Evaluating the security of biometric systems
Written in coordination with Grant Douglas Facial recognition is one of the most widely and commonly used forms of biometric access control. Unlike other biometric systems, the information a face contains has a multitude of versatile applications. This information can be used to identify a subject’s gender, ethnicity, age, and even emotional state. A large […]
Continue Reading...
Posted in Featured, Mobile Application Security, Security Risk Assessment | Comments Off on How secure is iPhone X Face ID facial recognition?
Modern mobile device users often have their devices tightly integrated into daily life. From banking apps to social media feeds, these applications are high visibility targets for hackers and thieves looking to exploit weaknesses or hijack vulnerabilities. By ramping up mobile app security, vendors ensure the safety and security of their users and their infrastructure. […]
Continue Reading...
Posted in Mobile Application Security | Comments Off on 3 tips to ramp up your mobile application security
There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, […]
Continue Reading...
Posted in Automotive Security, Embedded Software Testing, Mobile Application Security | Comments Off on Automotive security goes beyond the car
In January 2016, Forbes announced that there were one million job openings in cyber security. The shortage of talent has continued to mount while demand is expected to increase to six million globally by 2019. You may be intrigued by the idea of security consulting but aren’t sure how to transition or break through. If […]
Continue Reading...
Posted in Application Security, Mobile Application Security, Web Application Security | Comments Off on Is a career in application security consulting right for you?
The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling | Comments Off on 3 presentations you don’t want to miss at AppSec California 2017
RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]
Continue Reading...
Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security | Comments Off on Mark your calendar: RSA USA 2017 is almost here
Last month researchers demonstrated how a mobile app for Tesla–or any other connected car — can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Telsa customers to access their vehicles. According to the researchers this attack is […]
Continue Reading...
Posted in Automotive Security, Mobile Application Security | Comments Off on Researchers hijack automotive mobile apps
Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available to their customers’ fingertips—literally. At the same time, software security initiatives must fall […]
Continue Reading...
Posted in Mobile Application Security, Security Training | Comments Off on Here are the top 10 best practices for securing Android apps
Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating […]
Continue Reading...
Posted in Mobile Application Security, Network Security, Software Security Testing | Comments Off on Stealing authentication tokens from locked machines with a mobile phone