Securing the App: Paranoid's Guidebook

Practitioner’s guide to securing mobile applications

I do not want to spoil any fun here, but the core of the talk is going to be a list of techniques which make your app more secure. It will focus on application-level security "dos and don'ts", but a few points about backend communication are going to be made as well. I do not plan to go too low-level, for example into encryption algorithms and key management - there are awesome talks by great presenters which already cover that aspect, and I am not going to compete with them but rather complement them.

The list is compiled based on my own experience and on a couple of security audits that my projects have undergone.

The talk is meant to be technical, but I'll avoid boring the audience with source code; most of the techniques presented apply to the Android ecosystem.

TL;DR Outline

  • Quick presentation of techniques to protect the data in an application against an attacker
  • Full range, from must-haves to paranoia
  • Not going low-level, no code on slides

As this is a paranoid’s guide, you don’t have to, and probably shouldn’t, follow all the recommendations. But it’s good to know them all.

The speaker

iOS engineer at a product company. Builds software used by large enterprises, has had his apps audited for security by customers and external experts - and survived!


    As somebody working on security-related apps, I find this proposal very interesting. I'd love to compare notes.