Defense-in-depth strategies for securing mobile applications - Ryan Lloyd - ASW #390
Show notes
Mobile applications have unique risks and threat models compared to server-side applications and infrastructure. Consequently, they need different strategies to ensure their business logic and workflows well secured. We'll dive into some of these defense-in-depth strategies and why they are important to mobile applications. Securing workflows goes beyond input validation and pattern matching suspicious payloads; it requires detailed attention to state machines, edge cases, and collecting signals to evaluate trust.
Segment Resources:
- https://hubs.la/Q04jLKj70
- https://mas.owasp.org/MASTG/0x04c-Tampering-and-Reverse-Engineering/
- https://owasp.org/API-Security/editions/2023/en/0x00-header/
This segment is sponsored by Guardsquare. Visit https://securityweekly.com/guardsquare to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-390