AppSecCali 2019 - Preventing Mobile App and API Abuse - Skip Hovsmith

Think a good user authentication solution is enough protection? Think again. Follow the ShipFast courier service's evolving mobile app and API security approach as it beats back malicious ShipRaider.

As ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we'll start discussing the existing security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more will strengthen ShipFast's security posture, but ShipRaider will be working hard, trying man-in-the-middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep exploiting ShipFast's API. This fast-paced overview of mobile attacks and countermeasures demonstrates the defense-in-depth techniques required to protect both your mobile apps and your API backends.

You'll walk away with access to fully worked open source examples and some additional homework assignments if you want to go deeper.


Skip Hovsmith
Principal Engineer, CriticalBlue
Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 26, 2019 Rating: 5