Removing Secrets to Make Mobile Apps More MASVS-Secure

Removing Secrets to Make Mobile Apps More MASVS-Secure

OWASP Foundation via YouTube Direct link

Proposed Architecture

14 of 22

14 of 22

Proposed Architecture

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Removing Secrets to Make Mobile Apps More MASVS-Secure

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Danger - Hardcoded API Keys
  3. 3 Mobile Attack Surfaces
  4. 4 Attack: Static Analysis
  5. 5 Defense: Obfuscation
  6. 6 Defense: Play Integrity
  7. 7 Attack: Manipulator in the Middle
  8. 8 Defense: Certificate Pinning
  9. 9 Attack: Bypass Certificate Pinning
  10. 10 Defense: Harden Channel
  11. 11 Hide & Seek Observations
  12. 12 How Do We Authenticate Our Users?
  13. 13 Design Objectives
  14. 14 Proposed Architecture
  15. 15 Making a 1st Party API Call
  16. 16 Changing the Signing Secret
  17. 17 Remote Secrets Storage
  18. 18 Managing Certificate Pinning
  19. 19 Signing a Message
  20. 20 Updating Security Live
  21. 21 MASVS Resilience
  22. 22 App Auth as a Service

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.