Before we get deep into protocols vulnerabilities: things you should remember designing your app flow from a security point of view.

This talk will focus on copybook headings of infosec: what you need to know before exciting stuff like cryptography and AI-assisted incident detection. Like, choice of data you show in the background mode, choice of 3rd party SDKs, which logs we send and where…

Even when developers create apps with security in minds, protect user secrets, and don’t reveal unencrypted data, attackers can find ways to bypass these security measures by exploiting architectural weaknesses and unobvious, yet very simple vulnerabilities. We will talk about all the tiny bits and pieces are necessary to make your app secure against simple attacks way before focusing on the hard things (like crypto).

Points we cover

1. Handling user secrets with care (showing, storing, logging).
2. Input validation and password rules.
3. Handling transport connection.
4. And some tips and tricks that will confuse attackers.

Watch ENG 📺 [from UIKonf]

Watch ENG 📺 [from mDevTalk]

Watch RU 📺

Presented at ✨

• CocoaHeads Kyiv #14 Kyiv, Ukraine, 6 October 2018

• mDevTalk 18 Prague Czech Republic, 24 May 2018

• UIKonf 18 Berlin, Germany, 13-16 May 2018