SBA Security Meetup: From OWASP to App Secrets – Lessons Learned
At the end of October, we held our SBA Security Meetup, "From OWASP to App Secrets – Lessons Learned", with two insightful talks from Fabian Funder (SBA Research) and David Schmidt (Universität Wien).
Talks
1. SBA Top 10 Software Vulnerabilities – a Revue
Speaker: Fabian Funder (SBA Research)
SBA Research analyzed real-world penetration testing results from Austrian organizations to compile its own Top 10 Software Vulnerabilities. The talk outlines the most frequent and severe weaknesses found in practice, recurring security pitfalls, and the vulnerabilities most commonly encountered in Austrian systems.
2. Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps
Speaker: David Schmidt (University of Vienna)
A large-scale study of 10,331 mobile apps revealed 416 valid credentials across 65 services, with many exposing sensitive data like Git keys. iOS apps leaked more secrets than Android ones, and developers often failed to revoke credentials even after removing them – leaving systems vulnerable.





© SBA Research