Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Secure React Native Apps Against API Abuse
- 1 Intro
- 2 The Dark API Economy
- 3 Mobile Apps Rely on APIs
- 4 Abusing APIs in the Mobile Market
- 5 Mobile Attack Surfaces
- 6 The ShipFast Driver App
- 7 API Sequence for Pick Up and Delivery
- 8 The Ship Raider Bench and Driver App
- 9 ShipRaider's API Exploit
- 10 Initial Security Posture
- 11 User Authorization is not Service Authorization
- 12 Common API Gateway Defenses
- 13 API Proxy Pattern
- 14 Inspect the App Package
- 15 Obfuscate Code and Secrets in Code. Obfuscate calling logic and API & key strings
- 16 Observe/Manipulate Communication Channel
- 17 Certificate Pinning
- 18 Unpin the Channel
- 19 Block Rooting and Instrumentation
- 20 Nervous Product Manager
- 21 a: Use App-Level Message Protection
- 22 Defense 4: Removing Secrets from App Package
- 23 Find Message Signing Secret
- 24 a: Improve Run-Time Defenses
- 25 Moving secrets and security decisions off device
- 26 Defense 5b: Authenticate the App Off Device
- 27 Defense 5c: Reintroduce the Pinning Service
- 28 API Defense Objectives
- 29 Attacker Pivots to a Less Secure App