Apr 06 2021 39 mins 2
In our fifth episode we talk on Application Security and, of course, about privacy.
What are our expectations of WWDC21? What iOS 14.5 brings to users and developers? Apple rejects apps using privacy-unfriendly SDKs, China apps use their own fingerprinting approachs.
Of course, we couldn't avoid discussing Facebook and leak of 526M accounts. We also talk on new threats for developers and basic things to start with, if you're interested in increasing app's security.
Further reading and watching:
Apple Platform Security: https://support.apple.com/guide/security/welcome/web
OWASP Mobile Security Testing Guide: https://github.com/OWASP/owasp-mstg
OWASP Mobile Application Security Verification Standard: https://github.com/OWASP/owasp-masvs
Workbook for "Security data management for app devs": https://github.com/vixentael/security-data-management-for-app-devs-workshop
Mobile Notts 2021 talk: End-to-end encrypted doesn't mean secure: https://www.youtube.com/watch?v=CqsrA4eeGSs&list=PLWpf2Cn-bt0-6pjQ3SJf3tjIza_rPaJAf&index=13
Our guest:
- Anastasiia Voitova, Head of Customer Solutions, Security Software engineer at Cossack Labs, https://twitter.com/vixentael
What are our expectations of WWDC21? What iOS 14.5 brings to users and developers? Apple rejects apps using privacy-unfriendly SDKs, China apps use their own fingerprinting approachs.
Of course, we couldn't avoid discussing Facebook and leak of 526M accounts. We also talk on new threats for developers and basic things to start with, if you're interested in increasing app's security.
Further reading and watching:
Apple Platform Security: https://support.apple.com/guide/security/welcome/web
OWASP Mobile Security Testing Guide: https://github.com/OWASP/owasp-mstg
OWASP Mobile Application Security Verification Standard: https://github.com/OWASP/owasp-masvs
Workbook for "Security data management for app devs": https://github.com/vixentael/security-data-management-for-app-devs-workshop
Mobile Notts 2021 talk: End-to-end encrypted doesn't mean secure: https://www.youtube.com/watch?v=CqsrA4eeGSs&list=PLWpf2Cn-bt0-6pjQ3SJf3tjIza_rPaJAf&index=13
Our guest:
- Anastasiia Voitova, Head of Customer Solutions, Security Software engineer at Cossack Labs, https://twitter.com/vixentael
