Back To Schedule
Tuesday, October 8 • 1:00pm - 1:50pm
PRO WORKSHOP (API): Preventing and Countering Mobile API Abuse

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Think a good user authentication solution is enough protection? Think again. Follow the ShipFast courier service’s evolving mobile app and API security approach as it beats back malicious ShipRaider.As ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we'll start discussing the existing security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more will strengthen ShipFast's security posture, but ShipRaider will be working hard trying man in the middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep exploiting ShipFast's API. This fast-paced overview of mobile attacks and counter-measures demonstrates the defense in-depth techniques required to protect both your mobile apps and your API backends.You'll walk away with access to fully worked open source examples and some additional homework assignments if you want to go deeper.

API World 2019 Speakers
avatar for Skip Hovsmith

Skip Hovsmith

VP Americas and Principal Engineer, CriticalBlue
Skip Hovsmith is a  Principal Engineer and VP Americas for CriticalBlue, working on securing API  usage between mobile apps and backend services. Previously, Skip consulted  with CriticalBlue customers on accelerating mobile and embedded software  running on multicore and custom... Read More →

Tuesday October 8, 2019 1:00pm - 1:50pm PDT
API World -- Workshop Stage B