Explore the security implications of PhoneGap development in this 42-minute LASCON conference talk from 2013. Delve into the unique vulnerabilities introduced by PhoneGap's cross-platform mobile application framework, which combines HTML5, JavaScript, and CSS with native platform APIs. Examine the expanded attack surface of PhoneGap applications, inheriting both web browser and native mobile app security issues. Witness live demonstrations of real-world vulnerable PhoneGap apps, including a walkthrough of the OWASP GoatDroid PhoneGap app. Learn about common pitfalls in cross-platform development and gain practical recommendations for enhancing security. Discover an open-source tool for improving PhoneGap application security posture. Expect code examples, demonstrations, and actionable insights for developers looking to build more secure PhoneGap applications.
Overview
Syllabus
Intro
PhoneGap
Apache Cordova
IBM Worklight
PhoneGap vs Tony Romo
PhoneGap Architecture
PhoneGap Android Walkthrough
Plugin Result
Transport Layer
Broken Trust
Secure Fork
Objective C
Security Configuration File
Sequel Cipher
CrossOrigin Policies
Is PhoneGap ready for App Store
Hybrid view
Virtualbox
Prezi
Cordova
Facebook
Keychain
Taught by
LASCON
