We discuss the recent Google Project Zero research into iMessage’s “zero-click” attack vector, which requires no interaction from a user for them to be exploited. The research was done in iOS 13, and Apple has since provided new mitigations such as ASLR (address space layout randomization) to prevent 0-clicks from happening.
We present an overview of SNS (Simple Notification Service), a service provided by AWS. Then, we discuss the requirements for a successfully executed attack script against SNS. Finally, we dig into the attack from the point of view of a company, a customer, and an attacker.
Learn how a cloud resource within the iOS Bing mobile app was left open on the internet, which is another recent example of a full stack application attack. We share this example to show how a full stack AppSec solution can prevent similar attacks, which are sourced from web or mobile clients and end up leaking millions of records from backend cloud resources.
In this session, we'll discuss how cyber security companies are seeing a huge uptick in mobile phishing due to recent reports of vaccines coming out to address the pandemic.
Hackers don't stop at individual layers. They will work to find the most vulnerable part of the stack. Learn what full stack application security truly is and how each layer depends on the others.
Data Theorem’s Web Secure product analyzes and protects single page applications (SPA), their embedded APIs, and underlying cloud resources.
Review key findings from Verizon's 2020 Data Breach Investigations Report (DBIR), which details how modern attacks target multiple layers in the application stack from web to APIs to the cloud.
Learn how your app developers can avoid accidentally capturing sensitive data from the iOS clipboard through their use of SDKs or third-party libraries.
In this demo, we show how a recent data breach exposed 40 million private user records including geolocation and user photos of minors.
Get a technical analysis of a recently discovered mobile exploit. In this week’s live demo, Eric Castro from Data Theorem breaks down how "Sign-in with Apple" was bypassed, which would allow hackers to take over a user's account.
Learn how you can build a comprehensive security program that will automate key security policies across your entire data environment to receive critical alerts before your data is exposed. In this video, we share a recent example of a data leak caused by a basic misconfiguration.
Learn from our customer, Provident Credit Union, about how they manage their banking app with a 3rd party vendor, while protecting critical data.
Using recent data breach examples, we define an AppSec data breach, the risks involved with 3rd party software, and how to prevent them.
Identify your entire attack surface by hacking your APIs, find shadow APIs, and better prepare to secure your data.
Arm yourself with the knowledge needed to identify a cross-site scripting attack and secure your data.
Learn about how contact tracing works, the proposed use of it, and how it will impact mobile privacy.
Find out how Data Theorem’s automated mobile AppSec program works faster and more securely for your security and DevOps teams. Get results in minutes, learn to remediate faster, and have access to compliance reporting 24/7.
Data Theorem delivers automated security for DevOps, ushering in a new era of DevSecOps. This helps teams grow faster with fewer application security exposures.
Data Theorem provides 100% security coverage of Evernote's entire mobile application portfolio with backend API services.
How we help customers with their data risk from mobile to API, assisting in the DevOps lifecycle.
Securing APIs across Amazon Lambda, Google Cloud Functions and Azure Functions