Videos

Google Project Zero Research into iMessage's Zero-click Attack
Phillip Tennen (16 minutes)

We discuss the recent Google Project Zero research into iMessage’s “zero-click” attack vector, which requires no interaction from a user for them to be exploited. The research was done on iOS 13, and Apple has since provided new mitigations such as ASLR (address space layout randomization) to prevent 0-clicks from happening.

AWS SNS Attack Script
Florent Jeannot (13 minutes)

We present an overview of SNS (Simple Notification Service), a service provided by AWS. Then, we discuss the requirements for a successfully executed attack script against SNS. Finally, we dig into the attack from the point of view of a company, customer, and attacker.

How An Unsecured Server Led To A Microsoft Data Breach
Himanshu Dwivedi (20 minutes)

Learn how a cloud resource within the iOS Bing mobile app was left open on the internet, which is another recent example of a full stack application attack. We share this example to show how a full stack AppSec solution can prevent similar attacks, which are sourced from web or mobile clients and end up leaking millions of records from backend cloud resources.

How Attackers Are Taking Advantage of Covid and Mobile Phishing
(14 minutes)

In this session, we'll discuss how cybersecurity companies are seeing a huge uptick in mobile phishing following recent reports of vaccines coming out to ease the pandemic.

What Is Full Stack Application Security?
(1 minute)

Hackers don't stop at individual layers. They will work to find the most vulnerable part of the stack. Learn what full stack application security truly is and how each layer depends on the others.

Introduction to Web Secure
(8 minutes)

Data Theorem’s Web Secure product analyzes and protects single page applications (SPA), their embedded APIs, and underlying cloud resources.

How Modern Data Breaches Attack Every Layer of the Application Stack
(15 minutes)

Review key findings from Verizon's 2020 Data Breach Investigations Report (DBIR), which details how modern attacks target multiple layers in the application stack, from web to APIs to the cloud.

iOS Clipboard Spying
(21 minutes)

Learn how your app developers can avoid accidentally capturing sensitive data from the iOS clipboard through their use of SDKs or third-party libraries.

How Integrated, Continuous Security Checks Can Save Your Business and Millions of Dollars
(22 minutes)

In this demo, we show how a recent data breach exposed 40 million private user records including geolocation and user photos of minors.

Exploit Analysis: Sign-in With Apple
(18 minutes)

Get a technical analysis of a recently discovered mobile exploit. In this week’s live demo, Eric Castro from Data Theorem breaks down how "Sign-in with Apple" was bypassed, which would allow hackers to take over a user's account.

How to Protect Application Attack Surfaces
Presented by Himanshu Dwivedi (18 minutes)

Learn how you can build a comprehensive security program that will automate key security policies across your entire data environment to receive critical alerts before your data is exposed. In this video, we share a recent example of a data leak caused by a basic misconfiguration.

Live Demo: Case Study – Provident Credit Union
(23 minutes)

Learn from our customer, Provident Credit Union, about how they manage their banking app with a 3rd party vendor, while protecting critical data.

Why Stop AppSec Data Breaches?
(25 minutes)

Using recent data breach examples, we define an AppSec data breach, the risks involved with 3rd party software, and how to prevent them.

Introduction to API Secure
(5 minutes)

Identify your entire attack surface by hacking your APIs, find shadow APIs, and better prepare to secure your data.

Protect Web Apps from XSS Exploits
(22 minutes)

Arm yourself with the knowledge needed to identify a cross-site scripting attack and secure your data.

Contact Tracing 101
(14 minutes)

Learn about how contact tracing works, the proposed use of it, and how it will impact mobile privacy.

Inside Data Theorem’s Mobile AppSec Program
(5 minutes)

Find out how Data Theorem’s automated mobile AppSec program works faster and more securely for your security and DevOps teams. Get results in minutes, learn to remediate faster, and have access to compliance reporting 24/7.

Automated Security for DevOps
(2 minutes)

Data Theorem delivers automated security for DevOps, ushering in a new era of DevSecOps. This helps teams grow faster with fewer application security exposures.

Customer Case Study: Evernote
(3 minutes)

Data Theorem provides 100% security coverage of Evernote's entire mobile application portfolio with backend API services.

Data Theorem Interview Digital Anarchist RSA Conference 2019
With Himanshu Dwivedi and Doug Dooley (11 minutes)

How we help customers with their data risk from mobile to API, assisting in the DevOps lifecycle.

Top 6 Security Needs for APIs and Serverless Apps

On-Demand Webinar (36 min)

Securing APIs across Amazon Lambda, Google Cloud Functions and Azure Functions