<p><strong>Security audit of a mobile application</strong><br />
Nethemba, published 2015-11-08, last modified 2019-08-05<br />
<a href="https://nethemba.com/sk/sluzby/aplikacna-bezpecnost/bezpecnostny-audit-smartphone/">https://nethemba.com/sk/sluzby/aplikacna-bezpecnost/bezpecnostny-audit-smartphone/</a></p>

<p>A security audit of a mobile application covers both a technical security audit of the mobile application itself and a security audit of the server-side web services (REST/SOAP) that the mobile application communicates with.</p>

<p>During testing we use the tools and procedures listed in the <a href="https://www.owasp.org/index.php/OWASP_Mobile_Security_Project">OWASP Mobile Security Project</a>, with a focus on the <a href="https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Top_Ten_Mobile_Controls">Top Ten Mobile Controls</a>:</p>

<ol>
<li>Identification and protection of sensitive data on the phone.</li>
<li>Checking the quality and security of the storage used for passwords, passphrases and other sensitive information on the phone.</li>
<li>Is sensitive data protected in transit (encryption), including whether the application actually validates the server's TLS certificate?</li>
<li>Are authentication, authorization and session management implemented correctly in the application?</li>
<li>Is the backend API (the web services) implemented securely?</li>
<li>Is the integration with third-party services and applications secure?</li>
<li>Is the information collected about the user of the mobile application limited to what the user is aware of?</li>
<li>Verification of whether unauthorized access to especially sensitive data (digital wallet, SMS, calls, contacts, etc.) is possible.</li>
<li>Verification of secure and trustworthy distribution of the mobile application (is it updated securely, is it digitally signed by a trusted authority, ...).</li>
<li>Detailed checking for runtime interpretation errors (validation of all application inputs, in-depth fuzz testing).</li>
</ol>

<p><strong>Technical security audit of the mobile application</strong><br />
A practical verification of the real security state of the mobile application in accordance with the <a href="https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Top_Ten_Mobile_Controls">Top Ten Mobile Controls</a>, covering in particular:</p>
<ul>
<li>fuzz testing of all user inputs and verification that every input parameter is validated</li>
<li>verification of the application's business logic</li>
<li>verification of the encryption and digital signing of the requests themselves</li>
<li>verification of secure authentication between the mobile application and the given web service</li>
<li>verification of the application's secure storage</li>
<li>if client SSL/TLS certificates are not used, analysis of the password policy in use</li>
</ul>

<p><strong>Security audit of the web services interface (REST/SOAP)</strong><br />
The security audit of the web services interface (REST/SOAP) is carried out both as a "blackbox" security audit of the API (without knowledge of the XSD/WSDL schemas, credentials, etc.) and as a "whitebox" security audit of the API (with knowledge of the API and of the access credentials). In both cases the testing is carried out in detail according to the "<a href="http://www.owasp.org/index.php/Testing_for_Web_Services">Testing for Web Services</a>" chapter of the OWASP Testing Guide. The audit includes testing for the <a href="http://clawslab.nds.rub.de/wiki/index.php/Main_Page">following attacks</a>.</p>
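<p>The technical audit items above on signing of requests and on authentication between the mobile application and the web service come down to three concrete tests an auditor runs against a captured request: replay it unchanged, tamper with its body while keeping the original signature, and submit it with an old timestamp. The following is an added example written for this page, not Nethemba's code and not a description of any particular client's scheme. It assumes a hypothetical design in which the app signs each request with HMAC-SHA256 over the method, path, body hash, timestamp and a nonce, carried in invented <code>X-Client-Id</code>, <code>X-Timestamp</code>, <code>X-Nonce</code> and <code>X-Signature</code> headers; the shared secret and the sample transfer request are constructed for the demonstration. A MAC of this kind proves integrity and origin to the server but provides no confidentiality, so TLS with proper certificate validation is still required; a per-device asymmetric key held in the platform keystore would be the stronger "digital signature" variant, with the same canonical string and the same replay checks.</p>

```python
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical shared secret provisioned to the mobile client at enrolment.
# Constructed for this example; in practice it would live in the platform
# keystore and never be embedded in the application package.
CLIENT_ID = "demo-client"
SHARED_SECRET = b"constructed-example-secret-not-for-production"

MAX_SKEW = 300  # seconds; requests with a timestamp further away are rejected


def canonical_string(method, path, body, timestamp, nonce):
    """Canonical form of the request covered by the signature.
    Hashing the body binds the signature to the exact payload sent."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()


def sign_request(method, path, body, timestamp=None, nonce=None):
    """Client side: produce the (hypothetical) headers the mobile app would send."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(SHARED_SECRET, canonical_string(method, path, body, timestamp, nonce), hashlib.sha256)
    return {
        "X-Client-Id": CLIENT_ID,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": mac.hexdigest(),
    }


class Verifier:
    """Server side. Remembers the nonces it has accepted so that a captured
    request cannot be replayed within the timestamp acceptance window."""

    def __init__(self, secrets_by_client, now=time.time):
        self.secrets_by_client = secrets_by_client
        self.now = now  # injectable clock so the checks are reproducible
        self.seen = {}  # nonce -> time after which it may be forgotten

    def verify(self, method, path, body, headers):
        """Return (accepted, reason)."""
        try:
            client_id = headers["X-Client-Id"]
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            signature = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed signature headers"

        secret = self.secrets_by_client.get(client_id)
        if secret is None:
            return False, "unknown client"

        now = self.now()
        if abs(now - timestamp) > MAX_SKEW:
            return False, "timestamp outside acceptance window"

        expected = hmac.new(secret, canonical_string(method, path, body, timestamp, nonce), hashlib.sha256).hexdigest()
        # Constant-time comparison so the signature cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"

        # Signature is genuine; now reject a replay of an already-accepted nonce.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = timestamp + MAX_SKEW
        return True, "ok"


def audit_demo():
    """The three auditor tests: replay a captured request, tamper with a signed
    body, and submit a stale request. Returns the server's reason for each."""
    fixed_now = 1_700_000_000
    verifier = Verifier({CLIENT_ID: SHARED_SECRET}, now=lambda: fixed_now)
    path = "/api/v1/transfer"
    body = json.dumps({"to": "SK0000000000000000000000", "amount": 10}).encode()  # constructed sample
    headers = sign_request("POST", path, body, timestamp=fixed_now, nonce="n1")
    results = {}
    results["original"] = verifier.verify("POST", path, body, headers)[1]
    results["replay"] = verifier.verify("POST", path, body, headers)[1]
    tampered = json.dumps({"to": "SK0000000000000000000000", "amount": 10000}).encode()
    results["tampered_body"] = verifier.verify("POST", path, tampered, headers)[1]
    stale = sign_request("POST", path, body, timestamp=fixed_now - 3600, nonce="n2")
    results["stale"] = verifier.verify("POST", path, body, stale)[1]
    return results


if __name__ == "__main__":
    print(audit_demo())
```

<p>A scheme that fails any of the three checks in <code>audit_demo</code> (the replay or the tampered body accepted, or the stale request accepted) is reported as a finding against the request-signing control; the order of the checks on the server also matters, since verifying the signature before recording the nonce stops an unauthenticated party from filling the replay cache.</p>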