An OWASP AppSec California 2019 Talk ShipFast and ShipRaider made a return appearance at the sixth annual as defender and attacker in . OWASP AppSec California Preventing Mobile App and API Abuse AppSec California is a terrific conference, with interesting talks and attendees, and did I mention it is held on the beach in Santa Monica in late January? Most presentations were video taped, including my own here: As ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we start by discussing the existing security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more strengthen ShipFast’s security posture, but ShipRaider will also be working hard trying man in the middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep exploiting ShipFast’s API. This fast-paced overview of mobile attacks and counter-measures demonstrates the defense in-depth techniques required to protect both your mobile apps and your API backends. ShipFast and ShipRaider are open-sourced by and are available on including some . You’ll walk away with access to a fully worked open source example and some additional homework assignments if you want to go deeper. A more thorough may be good preparation for working through the material. CriticalBlue github additional attack-defense scenarios overview of mobile API protection Thanks for reading! For more information on mobile API security, check out . www.approov.io

Keep

What Role do DeviceCheck and SafetyNet play in App Authentication?

How to Pin Mobile gRPC Connections

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Preventing Mobile App and API Abuse

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Tour of API Underprotection

Java bits: 0xFF and 0xFFL

10 Things You Didn't Know You Could Do With Google Keep

10 Things to check on Android code reviews

10 Mistakes In Mobile App Development That Make You Look Dumb

A Tour of API Underprotection

Java bits: 0xFF and 0xFFL

10 Things You Didn't Know You Could Do With Google Keep

10 Things to check on Android code reviews

10 Mistakes In Mobile App Development That Make You Look Dumb

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps