My free and open source workshops about cryptography and mobile apps.

Security data management for app devs

Slides and a workbook that explain data management, risk management and software security controls for mobile apps.

Contains tons of useful links on defensive appsec tools, data protection regulations, guidelines on mobile application security design, risk management guides, and mobile application security verification and testing guides.

GitHub

Managing API keys in iOS apps

iOS app security has many shades: from protecting on-screen data from screenshots to protecting data inside the app.

This workshop explains several approaches to key management: how to store pre-defined keys (API keys), runtime keys and crypto keys in iOS apps. We discuss obfuscation and encryption.

Slides.

GitHub

SecureChat PoC using Zero Knowledge Architecture principle

Zero knowledge algorithms and protocols ensure that no keys, passwords, or any other sensitive material ever gets transferred in an unencrypted or reversible form. There is no point in time when encryption keys or unencrypted files are visible to the servers or service administrators.

We took a simple iOS application (Firebase notes app) and implemented two encryption schemes to illustrate how easy it is to protect data even for apps that use SaaS.

GitHub

TheSwiftAlps security workshop

Implementing security measures layer by layer in an iOS app: TLS, TLS pinning, risks & threats, symmetric and asymmetric encryption.

Slides.

GitHub