Preventing Mobile App and API Abuse

Preventing Mobile App and API Abuse

OWASP Foundation via YouTube Direct link

OAuth2 Proof of Key Code Exchange (PKCE)

25 of 32

25 of 32

OAuth2 Proof of Key Code Exchange (PKCE)

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Preventing Mobile App and API Abuse

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Explosion in Mobile Attacks
  3. 3 APIs Open New Business Opportunities and
  4. 4 Instagram API Attack
  5. 5 Ship Raider Shipper's Edge
  6. 6 App Identity using API keys
  7. 7 Keeping Secrets: Attack Surfaces
  8. 8 Don't Publish Your Keys
  9. 9 How Ship Raider Stole the API key
  10. 10 Detect and Block Abnormal Usage of APIs
  11. 11 Rate Limiting and Load Shedding
  12. 12 Behavioral API Security
  13. 13 Breaking TLS
  14. 14 Certificate Pinning
  15. 15 Pinning Upkeep
  16. 16 Remove Secret from the Channel
  17. 17 How ShipRaider Broke the HMAC
  18. 18 Calculate Secret at Runtime
  19. 19 Ship Raider Steals Runtime Secret
  20. 20 App Hardening Approaches
  21. 21 OAuth2 Overview
  22. 22 Abstract Protocol Flow
  23. 23 User's Outh2 Code Grant Flow
  24. 24 OAuth2 Refresh Tokens
  25. 25 OAuth2 Proof of Key Code Exchange (PKCE)
  26. 26 API Proxy Pattern
  27. 27 Secret as a Service
  28. 28 App Integrity Measurement
  29. 29 Strengthening OAuth2 Flow
  30. 30 ShipShape
  31. 31 Architecture Pattern
  32. 32 Conclusion

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.