38
DUTCH MOBILE .NET DEVELOPERS XAMARIN REVOLVE16

Mobile Security - Dutch Mobile .Net Developers

Embed Size (px)

Citation preview

Page 1: Mobile Security - Dutch Mobile .Net Developers

DUTCH MOBILE .NET DEVELOPERS

XAMARIN REVOLVE16

Page 2: Mobile Security - Dutch Mobile .Net Developers

Agenda• OWASP Mobile Security Threats• Enterprise Mobility Suite (Intune)• Intune SDK

Page 3: Mobile Security - Dutch Mobile .Net Developers

• OWASP Mobile Security Threats

Page 4: Mobile Security - Dutch Mobile .Net Developers

The Open Web Application Security Project• OWASP Top 10

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

• OWASP Top 10 for Mobile 2014https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks

• OWASP Top 10 for Mobile 2016 RChttps://www.owasp.org/index.php/OWASP_Mobile_Security_Project

Page 5: Mobile Security - Dutch Mobile .Net Developers

OWASP Top 10 for Mobile 2016 RC• M1 – Improper Platform Usage• M2 – Insecure Data Storage• M3 – Insecure Communication• M4 – Insecure Authentication• M5 – Insufficient Cryptography• M6 – Insecure Authorization• M7 – Client Code Quality• M8 – Code Tampering• M9 – Reverse Engineering• M10 – Extraneous Functionality

Page 6: Mobile Security - Dutch Mobile .Net Developers

M1 – Improper Platform Usage

Page 7: Mobile Security - Dutch Mobile .Net Developers

M2 – Insecure Data Storage

Page 8: Mobile Security - Dutch Mobile .Net Developers

M3 – Insecure Communication

Page 9: Mobile Security - Dutch Mobile .Net Developers

M4 – Insecure Authentication

Page 10: Mobile Security - Dutch Mobile .Net Developers

M5 – Insufficient Cryptography

Page 11: Mobile Security - Dutch Mobile .Net Developers

M6 – Insecure Authorization

Page 12: Mobile Security - Dutch Mobile .Net Developers

M7 – Client Code QualityM8 – Code Tampering

Page 13: Mobile Security - Dutch Mobile .Net Developers

M9 – Reverse Engineering

Page 14: Mobile Security - Dutch Mobile .Net Developers

M10 – Extraneous Functionality

Page 15: Mobile Security - Dutch Mobile .Net Developers

Mobile Security Threats Percentages

Page 16: Mobile Security - Dutch Mobile .Net Developers

• Enterprise Mobility Suite

Page 17: Mobile Security - Dutch Mobile .Net Developers

Enterprise Mobility Vision

Page 18: Mobile Security - Dutch Mobile .Net Developers

Microsoft IntuneMain possibilities:

• Mobile Device Management (MDM)

• Mobile Application Management (MAM)

• Mobile Application Security

Page 19: Mobile Security - Dutch Mobile .Net Developers

Intune in Microsoft App Development stack

Page 20: Mobile Security - Dutch Mobile .Net Developers

Common scenario’s• Securing your on-premises email and collaboration infrastructure so that it can

be accessed by mobile devices and apps on the Internet

• Enabling your organization to issue hardware to its employees

• Enabling your organization to implement a secure “Bring Your Own Device (BYOD)” or personal device strategy

Page 21: Mobile Security - Dutch Mobile .Net Developers

Demo• Add user

• Enable device management

• Create a policy

Page 22: Mobile Security - Dutch Mobile .Net Developers

• Intune SDK

Page 23: Mobile Security - Dutch Mobile .Net Developers

Intune SDK Possibilities• Manage different app parts with Microsoft Intune

• Available for iOS, Android, Xamarin (Forms) & Cordova

• Easy to integrate in a existing app

• When activated protect corporate data

Page 24: Mobile Security - Dutch Mobile .Net Developers

How it works• The SDK is in the app.

• Intune sends policies to the app.

• Based on these policies the SDK might change the behavior.

• The SDK will do nothing if the device or app is not managed.

Page 25: Mobile Security - Dutch Mobile .Net Developers

Control users’ ability to move documents

Page 26: Mobile Security - Dutch Mobile .Net Developers

Configure clipboard restrictions

Page 27: Mobile Security - Dutch Mobile .Net Developers

Configure screen capture restrictions

Page 28: Mobile Security - Dutch Mobile .Net Developers

Enforce encryption on saved data

Page 29: Mobile Security - Dutch Mobile .Net Developers

Remotely wipe corporate data

Page 30: Mobile Security - Dutch Mobile .Net Developers

Enforce the use of a managed browser

Page 31: Mobile Security - Dutch Mobile .Net Developers

Enforce a PIN policy

Page 32: Mobile Security - Dutch Mobile .Net Developers

Require users to enter credentials

Page 33: Mobile Security - Dutch Mobile .Net Developers

Check device health and compliance

Page 34: Mobile Security - Dutch Mobile .Net Developers

Different Management configurationsSDK can work with:

• Mobile Device Management (MDM)

• Devices without MDM (MAM)

Page 35: Mobile Security - Dutch Mobile .Net Developers

Demo• Enable the Intune SDK in iOS

Page 36: Mobile Security - Dutch Mobile .Net Developers

Where to go from hereXamarin Evolve Sessions:• Addressing the OWASP Mobile Security Threats Using Xamarin

https://evolve.xamarin.com/session/56e1ff1efd00c0253cae339e• Enterprise Mobility: Keep It Safe

https://evolve.xamarin.com/session/56ec8771790aae283cca279e• Think Like a Hacker!

https://evolve.xamarin.com/session/56ec3cd4de91c6253c277bc0

Trial accounts:• Getting started with Enterprise Mobility Suite

https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx• Start with Microsoft Intune

https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/default.aspx• Azure Active Directory federation compatibility list

https://msdn.microsoft.com/en-us/library/azure/jj679342.aspx

Page 37: Mobile Security - Dutch Mobile .Net Developers

Questions?

Page 38: Mobile Security - Dutch Mobile .Net Developers

ENGINEER YOUR FUTURE TODAY

www.macaw.nl