Explore the intricacies of using WebViews in mobile applications through this conference talk from AppSecEU 2015 in Amsterdam. Delve into various aspects including demonstrations, interfaces, testing methodologies, and security considerations. Learn about improvising techniques, interception methods, and the implications of using different URL schemes. Gain insights into threat modeling, targeted malware, and bug bounty programs. Examine the importance of trust chains, hostname verification, and certificate handling in WebView implementations. Conclude with a summary of key takeaways, recommendations for best practices, and additional resources for further learning.
So, You Want To Use A WebView? - Security Considerations and Best Practices
Overview
Syllabus
Intro
Demonstration
Interfaces
Testing
Improvising
Interception
File Scheme
HTTPS
Trust Chain
hostname verification
trust
targeted malware
bug bounty
URL schemes
Threat model schemes
Threat model schemes demo
Summary
Thank you
Recommendations
Extras
Cert Printing
Taught by
OWASP Foundation
