Removing Secrets to Make Mobile Apps More MASVS-Secure

OWASP Foundation via YouTube

Overview

Learn how to enhance the security of mobile applications by removing secrets and adhering to MASVS (Mobile Application Security Verification Standard) guidelines in this 48-minute conference talk from Global AppSec Dublin. Explore various attack surfaces and defense mechanisms, including static analysis, obfuscation, Play Integrity, certificate pinning, and channel hardening. Discover a proposed architecture for secure user authentication, first-party API calls, and remote secrets storage. Gain insights into implementing app authentication as a service and achieving MASVS resilience to create more secure mobile applications.

Syllabus

Intro
Danger - Hardcoded API Keys
Mobile Attack Surfaces
Attack: Static Analysis
Defense: Obfuscation
Defense: Play Integrity
Attack: Manipulator in the Middle
Defense: Certificate Pinning
Attack: Bypass Certificate Pinning
Defense: Harden Channel
Hide & Seek Observations
How Do We Authenticate Our Users?
Design Objectives
Proposed Architecture
Making a 1st Party API Call
Changing the Signing Secret
Remote Secrets Storage
Managing Certificate Pinning
Signing a Message
Updating Security Live
MASVS Resilience
App Auth as a Service

Taught by

OWASP Foundation
