Combining Security Risks of Native and Web Development in Hybrid Apps - AppSec EU 2017

Combining Security Risks of Native and Web Development in Hybrid Apps - AppSec EU 2017

OWASP Foundation via YouTube Direct link

The architecture of Apache Cordova

3 of 20

3 of 20

The architecture of Apache Cordova

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Combining Security Risks of Native and Web Development in Hybrid Apps - AppSec EU 2017

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Hybrid mobile apps
  3. 3 The architecture of Apache Cordova
  4. 4 Example app
  5. 5 One framework, many names
  6. 6 Cordova in the real world
  7. 7 What we have learned: plugin use
  8. 8 Why is it hard to the the security of hybrid apps
  9. 9 Example: Get Phone Number
  10. 10 Weak spot: JS Java bridge
  11. 11 Exploiting the JavaScript to Java bridge (CVE-2013-4710)
  12. 12 Never use http without SSL, or even iframes! Device
  13. 13 Recommendations: the (hopefully) obvious parts
  14. 14 Recommendations: we should not forget
  15. 15 Did you know
  16. 16 Recommendation: use the latest framework version
  17. 17 If you are using static analysis: Considerations
  18. 18 If you are using static analysis: Recommendations
  19. 19 If you are using dynamic analysis (e... pen testing)
  20. 20 Conclusion

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.