Скачать или смотреть Hacking and protection of Mobile Apps and backend APIs | 2024 Talsec Threat Modeling Exercise

Enjoy the ultimate threat modeling knowledge sharing refined through insights from hundreds of sessions with mobile security experts and shared with many CTOs, CISOs, and senior mobile developers who develop for Android, iOS, React Native, and Flutter.

It's ideal for team training workshops as a practical guide to better securing mobile apps and backend APIs, offering actionable insights.
Threat Modeling
TOFU (Trust On First Use)
App and Device Enrollment
Detection, Monitoring, and Security

It focuses on the most exploitable threat vectors, including
Session Hijacking,
Token Hijacking,
Rooting and Jailbreaking (Magisk),
App Impersonation,
App Tampering,
App Cloning,
App Repackaging,
Dynamic Hooking (Frida),
Reverse Engineering
and respective prevention and remediation approaches like a RASP.

presented by Tomas Soukal.

00:00 Intro
03:55 Whoami Tomas Soukal
04:15 TOFU - Trust On First Use
06:18 Secure Application Sandbox?
10:38 Hacker’s Shopping List
14:20 App Cloning, Repackaging, Pirate Copies, Social Engineering
16:10 In-App Payments Theft
17:16 Repackaging Attack
18:40 Hooking
21:00 Try in your project: freeRASP
22:46 Reverse Engineering, Extraction of API keys, API attacks
25:59 How to protect App and API?
26:39 What data are sent in and out of the app?
27:21 Attack the Network Traffic with reFlutter
30:50 Common App and API threats
33:50 Malware, SMS stealers, Keyloggers, Tapjacking, Accessibility Services Misuse, Remote Control, Game Cheats and more
37:32 Overlay/Tapjacking
38:05 Screen Logger
38:52 Stealer/RAT
39:52 Common attacks
43:51 Q/A Time You can reach me at [email protected]


Quick links:
https://talsec.app?utm_source=youtube
https://github.com/talsec/Free-RASP-C... - freeRASP App Protection SDK
https://docs.talsec.app/appsec-articl...