Completed
RSAConference 2020 San Francisco February 24-28 Moscone Center
Class Central Classrooms beta
YouTube playlists curated by Class Central.
Classroom Contents
API Abuse through Mobile Apps - New Attacks, New Defenses
Automatically move to the next video in the Classroom when playback concludes
- 1 RSAConference 2020 San Francisco February 24-28 Moscone Center
- 2 The Dark API Economy
- 3 Mobile Apps Rely on APIs
- 4 Mobile Attack Surfaces
- 5 OWASP Security Risks
- 6 API Defense Objectives
- 7 The ShipFast Driver App
- 8 API Sequence for Pick Up and Delivery
- 9 The Ship Raider Bench and Driver App
- 10 ShipRaider's API Exploit
- 11 Initial Security Posture
- 12 User Authorization is not Service Authorization
- 13 Common API Gateway Defenses
- 14 API Proxy Pattern
- 15 Inspect the App Package
- 16 Obfuscate Code and Secrets in Code
- 17 Observe/Manipulate Communication Channel
- 18 Certificate Pinning
- 19 Pin the Channel • Generate public key fingerprint
- 20 Unpin the Channel
- 21 Block Rooting and Instrumentation
- 22 Nervous Product Manager
- 23 a: Use App-Level Message Protection
- 24 Defense 4b: Removing Secrets from App Package
- 25 Find Message Signing Secret
- 26 a: Improve Run-Time Defenses
- 27 Moving secrets and security decisions off device
- 28 Defense 5b: Authenticate the App Off Device
- 29 Attacker Pivots to a Less Secure App
- 30 OAuth2 Authorization Flow
- 31 Mobile Authorization Flow with PKCE
- 32 Strengthen OAuth2 with Attested App ID
- 33 Authorization in Context
- 34 Apply What You Learn Today
