Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

Antitamper Mobile - Minded Security's Magik Quadrant for Mobile Code Protection

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse



Antitamper Mobile - Minded Security's Magik Quadrant for Mobile Code Protection

Par Minded Security Blog
Le [2015-04-29] à 18:57:02



Présentation : Minded Security's Magik Quadrant for Mobile Code Protection shows you our evaluation of the top vendors in this market, based on our research and experience. Magik Quadrant Why care about Code Protection There are a lot of reasons to care about Code Protection when dealing with Mobile Applications. Every year a lot of money is lost due to piracy, intellectual property theft, cracked copyright mechanisms, tampered software, malware, and so on. Mobile Apps are obviously installed client-side, therefore they are under the user's control.For example, malicious users or competitors could decompile the application and analyse the result. This could reveal valuable data as proprietary algorithms or intellectual property or allow the attackers to use that information to modify the code, repackage and redistribute it to create a trojanized clone of the App in a rapid fashion.Moreover, if the App needs to run on untrusted devices, any malware could interact with the App at runtime level to steal data credentials, credit card number etc. or bypass security logic local authentication, geo-restrictions, custom cryptography etc. . As you can see a mobile App could be attacked at various layers and with very different goals in mind, creating a very complex problem for those who want to protect their products. The following diagram shows some of the main attack types. Why Apps reverse-engineering and tampering are easy Many developers do not know how easy mobile application reverse-engineering and tampering are. Since mobile Apps reside on user's devices and include valuable data inside - metadata, resources and even the code itself -, attackers could gather important information just by using publicly available tools.In fact, according to the OWASP Top 10 Mobile Risks 2014, ...it is extremely common for apps to be deployed without binary protection. The prevalence has been studied by a large number of security vendors, analysts and researchers. Without protections, it is quite easy to decompile an App to analyse its code particularly on the Android platform or to interact with it at runtime level on rooted jailbroken devices. How to make it harder To make the life harder to the attackers and help protecting valuable data, developers should Harden DRM systems and licensing modules Reduce piracy Protect intellectual property and personal data Secure proprietary algorithms against analysis and reverse engineering Harden firmware and OS Protect cryptographic keys Protect the client side of encrypted communication Prevent malware intrusion Therefore they have to deploy mobile applications with some kind of protection. To do this they could implement the following techniques Code and Flow Obfuscation String and Class Encryption Debug code stripping Method Call Hiding Reflection Resource Encryption Debug Detection Root Jailbreak Detection Runtime Injection Detection Swizzle Hook Detection Tamper Detection Certificate Pinning Watermarking There are many technical resources on Internet that describe at some level of detail how to implement one or more of the preceding techniques. Moreover, there is some commercial tool which provides binary protection without requiring developers to implement their own custom controls.Before going into detail about these tools it is worth noting that all these security controls do not give a guarantee that mobile applications are going to be 100pourcents secure, but they can provide additional protection and make very hard to carry on reverse engineering, tampering and runtime attacks. Interpreting the Magik Quadrant The Magik Quadrant study performed on Code Protection solutions takes into account multiple criteria based on Ability to Execute Completeness of Vision Ability to Execute Vendors must deliver strong functionality in the following areas of capability Techniques implemented After Sale Support Completeness of Vision Completeness of vision in the Code Protection market considers a vendor s vision and plans for addressing buyer needs in the future. Cross-platform support Innovation Sale Strategy Before proceeding it is worth noting that focusing on the leaders' quadrant isn't always the best choice. There are good reasons to consider market challengers. Moreover a niche player may support a specific needs better than a market leader. Leaders Leaders offer products and services that best cover current scenarios and are well positioned for tomorrow. They provide solutions that are cross-platform, and therefore with one vendor it is possible to protect many platforms.Their complex solutions provide protection through obfuscation, encryption, call hiding etc. , detection and reaction in case an attack is detected . Visionaries In general, in any Magic Quadrant the Visionaries are the innovators. They understand well where the market is going and therefore they can provide innovative techniques to protect Apps in a cross-platform environment. Niche Players Niche Players, in our research, are vendors that do not offer, at the moment, a cross-platform solution but they are focused on a small segment.Since they are offering platform-specific solutions, in some case they are able to provide innovative and specific solutions for that particular target. Free and Open Source Solutions The preceding analysis was done on commercial tools available on market. In addition to this, we have also analyzed a free and open source solutions available for iOS iMAS. This solution has the main disadvantage that, since it is free and open source, it does not guarantee support. Nevertheless, we want to spend some words about it since it has some interesting features. Vendor Strenghts and Cautions Arxan This analysis pertains to Arxan's GuardIT. Arxan is one of the most trusted names in application security. They provide protection against a widest range of static and dynamic attacks. The protection, provided by GuardIT, is implemented on different layers giving the chance to select the desired level of security. Strengths Cross-platform Android, iOS, Windos Phone Strong code protection Strong detection Capability to repair after damage Cautions Price could be higher than expected Metaforic This analysis pertains to Metaforic Core, Authenticator, Concealer and WhiteBox. Metaforic is one of the leaders in the application security market. They provide a cross-platform solution based on different modules Core, Authenticator, Concealer and WhiteBox . Strengths Cross-platform Android, iOS Strong Code and Flow obfuscation Strong cryptographic key protection Cautions Price could be higher than expected WhiteCryption This analysis pertains to whiteCryption's Cryptanium. WhiteCryption provides code protection solutions since 2009, so they are relatively new on this market compared to Arxan or Metaforic. However they offer an innovative product that is designed to protect applications at all levels. Strengths Cross-platform Android, iOS Strong Code and Flow Obfuscation Strong anti-tampering protection Anti-debug and anti-piracy features Cautions White-box cryptography techniques are still adopted very little PreEmptive This analysis pertains to DashO and .NET Obfuscator. The first version of DashO was released in 1998 and .NET Obfuscator was initially released few years later. Therefore PreEmptive has a long experience in Code protection. Strengths Cross-platform Android and Windows Phone Strong code and flow obfuscation Watermarking Tamper prevention and reaction Cautions No iOS support GuardSquare - Saikoa This analysis pertains to DexGuard. GuardSquare is very famous since they develop and support ProGuard, that is the successful open source obfuscator for the Java language. DexGuard is derived from it. They have a great experience in Java and Android platform. Strengths Large adoption among our customers Strong code optimization and obfuscation Anti-tamper detection Cautions Available only for Android Licel This analysis pertains to Licel's DexProtector. Licel is a new competitor in code protection. Its product, DexProtector, is designed for comprehensive protection of Android-applications against reverse engineering and tampering. Strengths Affordable for our clients Strong code obfuscation Anti-tamper detection Cautions Available only for Android Bangcle - SecNeo This analysis pertains to AppShield service. Bangcle provides a service that permits to developers to upload its APK on Bangcle's server and they provide fully automated App shield services. The whole process takes about one hour or less to complete. Strengths Very simple use Anti-debug and Anti-tamper features App Data Encryption Cautions Available only for Android Smardec This analysis pertains to Smardec's Allatori. Smardec's main goal is to offer you high quality services and products at a reasonable price. Allatori first version was released in 2006 and it has reached these goals. Strengths Strong code and flow obfuscation Watermarking StackTrace restoring Cautions Available only for Android Only code protection obfuscation Zelix This analysis pertains to Zelix KlassMaster. Zelix has a long story and experience in code obfuscation. Since its release in 1997, the Zelix KlassMaster Java code obfuscator has been continually developed to keep it at the forefront of obfuscation technology. This solution provides a Java code obfuscator but it does not implement other protections such as those against tampering tries. Strengths Strong code and flow obfuscation Strong Call Hiding Affordable for our clients Cautions Available only for Java Android Only code protection obfuscation iMAS This analysis pertains to iMAS. This solution is free and open source, available on GitHub, and it provides modularity as the main feature. In particular the iMAS project is composed of many components that developers could include inside their project and every module provides a different feature. So it is up to the developers selecting the desired components and include them in the project. Strengths Free Anti-tampering protections Code encryption Cautions Available only for iOS No after sale support

Les mots clés de la revue de presse pour cet article : mobile
Les videos sur SecuObs pour les mots clés : mobile
Les mots clés pour les articles publiés sur SecuObs : mobile
Les éléments de la revue Twitter pour les mots clé : mobile



AddThis Social Bookmark Widget



Les derniers articles du site "Minded Security Blog" :

- RCE in Oracle NetBeans Opensource Plugins PrimeFaces 5.x Expression Language Injection
- RAT WARS 2.0 Advanced Techniques for Detecting RAT Screen Control
- Request parameter method may lead to CakePHP CSRF Token Bypass
- Reliable OS Shell with - EL Expression Language - Injection
- Software Security in practice
- Advanced JS Deobfuscation Via AST and Partial Evaluation Google Talk WrapUp
- Autoloaded File Inclusion in Magento SOAP API SUPEE-6482
- PDF-based polyglots through SVG images CVE-2015-5092
- Multiple security issues discovered in Concrete5
- Antitamper Mobile - Minded Security's Magik Quadrant for Mobile Code Protection




S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]



Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :