Application Protection Essentials: Why, What, How
Defend your app against potential threats by understanding the importance of application protection. Learn why you should safeguard your data, what to protect it against, and how to secure it effectively using various strategies and tools. Explore key concepts like network sniffing, data theft, and user impersonation to enhance your app's security posture and minimize risks of unauthorized access. Gain insights into third-party solutions and best practices to safeguard your application integrity and user information.
Presentation Transcript
Application protection
Why should we? What to protect [against]? How to do it?
H L ZSOLT (iOS Dev, Security Consultant, Pentester)

TOC
- Basics: why?
- What to protect?
- Potential attack vectors
- Tools & advice

Why?
- We have 0 control* over the environment
- Can't be sure who downloads our product, or why [Tesla / OnStar]
- What impact might it have?
  - CIA: Confidentiality, Integrity, Availability
  - Brand damage
  - Loss of revenue / users / anything the service interacts with

What to protect?
Depends on:
- What data are we operating with?
- What attackers could do with it if they obtain it (always assume they will)
- How much is it worth to you / the company to stay out of the headlines?
Data classes:
- Personal data ([user]name, birth date, mail, PASSWORD etc.)
- Financial information (cards, account numbers, statements etc.)
- Technical information (API keys, URLs, hardcoded credentials etc.)

What to protect against? (attack vectors)
- Network sniffing
- Data theft
- User impersonation
- Unauthorized usage of intellectual property
- Analytics flood
- Reversing
- Application impersonation (tampering)

How to protect?
- Proper usage of platform tools (Touch ID, keychain, face auth)
- Unbroken (yet) crypto
- Hashing + salting
- Device enrollment
- Proper root / jail detection
- Certificate pinning?
- THIRD PARTY SOLUTIONS?

Third Party Tools
- Debug protection
- Tamper detection
- Root / Jail detection
- String encryption
- Obfuscation: control flow, arithmetic, types
The Dirty Chain Problem www.synopsys.com/blogs/software-security/ineffective-certificate-pinning-implementations
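An added example, not from the presentation or the linked article, showing the pinning mistake the "dirty chain" slide points at: a check that accepts the connection if the pinned key appears anywhere in the certificate list the server sent, next to a check that validates the chain first and pins only the verified leaf. It uses the `cryptography` package and a constructed throwaway PKI (names, keys and the simplified chain walker are all assumptions made for the demo, not a real trust store).

```python
import base64, datetime, hashlib
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(cn, key, issuer=None):
    """Build a throwaway cert; self-signed unless issuer=(issuer_cert, issuer_key)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    issuer_cert, issuer_key = issuer or (None, key)
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder().subject_name(name)
            .issuer_name(issuer_cert.subject if issuer_cert else name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def spki_pin(cert):
    """HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    der = cert.public_key().public_bytes(serialization.Encoding.DER,
                                         serialization.PublicFormat.SubjectPublicKeyInfo)
    return base64.b64encode(hashlib.sha256(der).digest()).decode()

def chain_is_valid(chain, trusted_roots):
    """Simplified leaf-first walk: each cert must be signed by the next; last must be trusted."""
    for child, parent in zip(chain, chain[1:]):
        try:
            parent.public_key().verify(child.signature, child.tbs_certificate_bytes,
                                       ec.ECDSA(child.signature_hash_algorithm))
        except InvalidSignature:
            return False
    return chain[-1] in trusted_roots

def naive_pin_check(chain, pins):
    """The flawed pattern: accept if a pinned key appears ANYWHERE in what the server sent."""
    return any(spki_pin(c) in pins for c in chain)

def proper_pin_check(chain, pins, trusted_roots):
    """Validate the chain first, then pin on the leaf that was actually verified."""
    return chain_is_valid(chain, trusted_roots) and spki_pin(chain[0]) in pins

# Constructed test PKI: a legitimate root + leaf, plus an attacker's own root + leaf.
root_key, leaf_key, mitm_key, mitm_leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
ROOT = make_cert("Legit Root", root_key)
LEAF = make_cert("api.example.com", leaf_key, (ROOT, root_key))
MITM_ROOT = make_cert("Attacker Root", mitm_key)
MITM_LEAF = make_cert("api.example.com", mitm_leaf_key, (MITM_ROOT, mitm_key))
PINS = {spki_pin(LEAF)}
DIRTY_CHAIN = [MITM_LEAF, MITM_ROOT, LEAF]  # attacker's chain with the genuine (public) leaf appended
```

The naive check passes the dirty chain because the genuine leaf is in the list, even though the session key belongs to the attacker; the proper check fails it, and also fails a clean attacker chain under a user-installed attacker root, because the verified leaf's key is not the pinned one.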