The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Friday, January 25 • 11:45am - 12:35pm
Preventing Mobile App and API Abuse

Think a good user authentication solution is enough protection? Think again. Follow the ShipFast courier service’s evolving mobile app and API security approach as it beats back malicious ShipRaider.  

As ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we'll start discussing the existing security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more will strengthen ShipFast's security posture, but ShipRaider will be working hard trying man-in-the-middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep exploiting ShipFast's API. This fast-paced overview of mobile attacks and countermeasures demonstrates the defense-in-depth techniques required to protect both your mobile apps and your API backends.

You'll walk away with access to fully worked open source examples and some additional homework assignments if you want to go deeper.

Skip Hovsmith

Principal Engineer, CriticalBlue
Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor...

Friday January 25, 2019 11:45am - 12:35pm PST
Club Room