Certificate Pinning
Classroom Contents
Preventing Mobile App and API Abuse
- 1 Intro
- 2 Explosion in Mobile Attacks
- 3 APIs Open New Business Opportunities and
- 4 Instagram API Attack
- 5 Ship Raider Shipper's Edge
- 6 App Identity using API keys
- 7 Keeping Secrets: Attack Surfaces
- 8 Don't Publish Your Keys
- 9 How Ship Raider Stole the API key
- 10 Detect and Block Abnormal Usage of APIs
- 11 Rate Limiting and Load Shedding
- 12 Behavioral API Security
- 13 Breaking TLS
- 14 Certificate Pinning
- 15 Pinning Upkeep
- 16 Remove Secret from the Channel
- 17 How ShipRaider Broke the HMAC
- 18 Calculate Secret at Runtime
- 19 Ship Raider Steals Runtime Secret
- 20 App Hardening Approaches
- 21 OAuth2 Overview
- 22 Abstract Protocol Flow
- 23 User's OAuth2 Code Grant Flow
- 24 OAuth2 Refresh Tokens
- 25 OAuth2 Proof of Key Code Exchange (PKCE)
- 26 API Proxy Pattern
- 27 Secret as a Service
- 28 App Integrity Measurement
- 29 Strengthening OAuth2 Flow
- 30 ShipShape
- 31 Architecture Pattern
- 32 Conclusion