Removing Secrets to Make Mobile Apps More MASVS-Secure

Removing Secrets to Make Mobile Apps More MASVS-Secure

OWASP Foundation via YouTube Direct link

Attack: Static Analysis

4 of 22

4 of 22

Attack: Static Analysis

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Removing Secrets to Make Mobile Apps More MASVS-Secure

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Danger - Hardcoded API Keys
  3. 3 Mobile Attack Surfaces
  4. 4 Attack: Static Analysis
  5. 5 Defense: Obfuscation
  6. 6 Defense: Play Integrity
  7. 7 Attack: Manipulator in the Middle
  8. 8 Defense: Certificate Pinning
  9. 9 Attack: Bypass Certificate Pinning
  10. 10 Defense: Harden Channel
  11. 11 Hide & Seek Observations
  12. 12 How Do We Authenticate Our Users?
  13. 13 Design Objectives
  14. 14 Proposed Architecture
  15. 15 Making a 1st Party API Call
  16. 16 Changing the Signing Secret
  17. 17 Remote Secrets Storage
  18. 18 Managing Certificate Pinning
  19. 19 Signing a Message
  20. 20 Updating Security Live
  21. 21 MASVS Resilience
  22. 22 App Auth as a Service

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.