Nashville, TN
September 24 - 26, 2018
Click Here For Information & Registration
Monday, September 24 • 1:30pm - 3:00pm
A Tour of Mobile API Protection - Skip Hovsmith, CriticalBlue

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Follow the ShipFast courier service’s evolving mobile API security approach as it beats back malicious ShipRaider.

We start with static API keys and OAuth2 user authorization, discussing API security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more are considered to strengthen your API security posture, but ShipRaider will be working hard trying man in the middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep stalking you. It's a quick overview of the cat and mouse API protection problem and gives a sense of emerging tools and techniques required to protect your mobile APIs.

You'll walk away with access to fully worked open source examples and some additional homework assignments if you want to go deeper.

avatar for Skip Hovsmith

Skip Hovsmith

CXO, CriticalBlue
Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor... Read More →

Monday September 24, 2018 1:30pm - 3:00pm CDT
Davidson Ballroom B2
  • Skill Level Any