Preventing Mobile App and #api Abuse
▻https://hackernoon.com/preventing-mobile-app-and-api-abuse-a3c50c72efc2?source=rss----3a8144eab
An OWASP AppSec California 2019 TalkShipFast and ShipRaider made a return appearance at the sixth annual OWASP AppSec California as defender and attacker in Preventing Mobile App and API Abuse.AppSec California is a terrific conference, with interesting talks and attendees, and did I mention it is held on the beach in Santa Monica in late January? Most presentations were video taped, including my own here:▻https://medium.com/media/1a4a583f3980989ca82f4bc5bca93c55/hrefAs ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we start by discussing the existing #security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more strengthen ShipFast’s security posture, but (...)