Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world. 

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4).

(Source: Black Hat Conference USA 2016)

8669809279?profile=original

image courtesy: https://www.flickr.com/photos/jasonahowie/7910370882

1) 1000 ways to die in mobile oauth

Speaker: Eric Chen, Yutong, Yuan Tian, Shuo Chen, Robert Kotcher, Patrick Tague

In the paper, we pinpoint the key portions in each OAuth protocol flow that are security critical, but are confusing or unspecified for mobile application developers. We then show several representative cases to concretely explain how real implementations fell into these pitfalls. Our findings have been communicated to vendors of the vulnerable applications. Most vendors positively confirmed the issues, and some have applied fixes. We summarize lessons learned from the study, hoping to provoke further thoughts about clear guidelines for OAuth usage in mobile applications

>>Go To Presentation


8669804484?profile=original

2) Behind the scenes with IOS security

Speaker: Ivan Krstić

We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.Data Protection is the cryptographic system protecting user data on all iOS devices.

>>Go To Presentation

8669807700?profile=original

 

3) Bad for Enterprise: Attacking BYOD enterprise mobility security solutions

Speaker: Vincent Tan ( @vincent_tky )

Using the Good Technology EMS suite as an example, my talk will show that EMS solutions are largely ineffective and in some cases can even expose an organization to unexpected risks. I will show attacks against EMS protected apps on jailbroken and non-jailbroken devices, putting to rest the rebuttal that CxOs and solution vendors often give penetration testers, ""We do not support jailbroken devices.""

Whether you are a CxO, administrator or user, you can't afford not to understand the risks associated with BYOD.

>>Go To Presentation


8669805458?profile=original

 

4) Samsung pay: tokenized numbers flaws and issues

Speaker: Salvador Mendoza ( @Netxing )

Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user's credit card information, Samsung Pay is trying to become one of the most secure approaches offering functionality and simplicity for its customers. This app is a complex mechanism which has some limitations relating security.

>>Go To Presentation

8669807677?profile=original


 

5) The Art of defence: How vulnerabilities help shape security features and mitigations in android

Speaker: Nick Kralevich

In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer.

>>Go To Presentation

zw0wgz.png?width=750

Your Complete Guide To Top Talks @Black Hat Conference 2016 (USA)

Get your FREE Guide on Top Talks @ Black Hat Conference 2016 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at the Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform