
YouTube

Removing Secrets to Make Mobile Apps More MASVS-Secure

OWASP Foundation via YouTube

Overview

Learn how to make mobile applications more secure by removing secrets from the app itself and meeting the requirements of MASVS (the OWASP Mobile Application Security Verification Standard), in this 48-minute conference talk from Global AppSec Dublin. The talk pairs each attack surface with the defence that answers it: static analysis of hardcoded API keys versus obfuscation and the Play Integrity API, and manipulator-in-the-middle interception versus certificate pinning, pinning bypass, and channel hardening. It then proposes an architecture for user authentication, first-party API calls, and remote secrets storage, covering message signing, changing the signing secret, managing certificate pins, and updating security live. It closes with how this approach achieves MASVS resilience and how app authentication can be delivered as a service.

Syllabus

Intro
Danger - Hardcoded API Keys
Mobile Attack Surfaces
Attack: Static Analysis
Defense: Obfuscation
Defense: Play Integrity
Attack: Manipulator in the Middle
Defense: Certificate Pinning
Attack: Bypass Certificate Pinning
Defense: Harden Channel
Hide & Seek Observations
How Do We Authenticate Our Users?
Design Objectives
Proposed Architecture
Making a 1st Party API Call
Changing the Signing Secret
Remote Secrets Storage
Managing Certificate Pinning
Signing a Message
Updating Security Live
MASVS Resilience
App Auth as a Service
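The following is an added example written for this page; it is not code from the talk or from OWASP. It illustrates two of the syllabus items in working form: why a hardcoded API key falls to trivial static analysis ("Danger - Hardcoded API Keys", "Attack: Static Analysis"), and the alternative of signing each first-party API call with a secret that the app only holds at runtime ("Signing a Message", "Changing the Signing Secret"). The strings.xml fragment, the key ids, the header names and the canonicalisation scheme are all constructed for the example and are not the architecture the speaker presents.

```python
"""Added example, not from the talk: hardcoded key recovery vs. signed API calls.
All resource contents, key ids, header names and keys below are constructed."""
import hashlib
import hmac
import re
import secrets
import time

# --- Attack: static analysis ------------------------------------------------
# Constructed stand-in for a decompiled app's res/values/strings.xml.
STRINGS_XML = """<resources>
    <string name="app_name">Demo</string>
    <string name="api_key">AKIAEXAMPLE0123456789</string>
    <string name="backend">https://api.example.invalid</string>
</resources>"""

# Any string resource whose name mentions key/secret/token is a candidate secret.
SECRET_NAME = re.compile(
    r'<string name="([^"]*(?:key|secret|token)[^"]*)">([^<]+)</string>', re.I)


def find_hardcoded_secrets(xml_text: str) -> dict:
    """Return {resource_name: value} for secret-looking string resources."""
    return {name: value for name, value in SECRET_NAME.findall(xml_text)}


# --- Defense: sign first-party API calls with a runtime-delivered secret ------
# Server-side key ring indexed by key id, so the signing secret can be rotated
# while clients still holding the previous secret keep working.
KEY_RING = {"k1": secrets.token_bytes(32), "k2": secrets.token_bytes(32)}
CURRENT_KID = "k2"
MAX_SKEW = 300          # seconds before a request is considered stale
_seen_nonces: set = set()  # replay cache (in-memory for the example)


def canonical(method: str, path: str, body: bytes, ts: int, nonce: str) -> bytes:
    """Canonical string covering everything the server must trust about the request."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(ts), nonce, body_hash]).encode()


def sign_request(method, path, body, kid, key, ts=None, nonce=None) -> dict:
    """Client side. `key` was obtained at runtime (e.g. after attestation);
    nothing here needs to be compiled into the app binary."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(key, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    return {"X-Key-Id": kid, "X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac}


def verify_request(method, path, body, headers, now=None):
    """Server side. Returns (ok, reason); checks key id, freshness, replay, MAC."""
    now = int(time.time()) if now is None else now
    key = KEY_RING.get(headers.get("X-Key-Id"))
    if key is None:
        return False, "unknown key id"
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale"
    nonce = headers.get("X-Nonce", "")
    if nonce in _seen_nonces:
        return False, "replay"
    expected = hmac.new(key, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be recovered byte by byte.
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature"
    _seen_nonces.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    print("hardcoded:", find_hardcoded_secrets(STRINGS_XML))
    body = b'{"sku": 1}'
    hdrs = sign_request("POST", "/v1/orders", body, CURRENT_KID, KEY_RING[CURRENT_KID])
    print("first use:", verify_request("POST", "/v1/orders", body, hdrs))
    print("replayed: ", verify_request("POST", "/v1/orders", body, hdrs))
```

The regex pass shows the attacker's side: a decompiler or even `strings` over the APK recovers the key regardless of how carefully it was named. The signed-request half shows what replaces it: the server trusts a MAC over method, path, body hash, timestamp and nonce, the key id lets the secret be changed without a client release, and the replay cache plus skew window limit what an intercepted request is worth. In a real deployment the replay cache and key ring would live in shared server-side storage rather than process memory.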

Taught by

OWASP Foundation
