Play all

Intro

Hybrid mobile apps

The architecture of Apache Cordova

Example app

One framework, many names

Cordova in the real world

What we have learned: plugin use

Why is it hard to the the security of hybrid apps

Example: Get Phone Number

Weak spot: JS Java bridge

Exploiting the JavaScript to Java bridge (CVE-2013-4710)

Never use http without SSL, or even iframes! Device

Recommendations: the (hopefully) obvious parts

Recommendations: we should not forget

Did you know

Recommendation: use the latest framework version

If you are using static analysis: Considerations

If you are using static analysis: Recommendations

If you are using dynamic analysis (e... pen testing)

Conclusion

Description:

Explore the security risks and best practices for developing hybrid mobile apps in this 37-minute conference talk from AppSec EU 2017. Delve into the architecture of Apache Cordova and learn about specific attacks targeting hybrid apps. Discover how Android developers are utilizing Apache Cordova in real-world scenarios. Gain hands-on guidelines for defensive programming and recommendations for hybrid app-specific security testing strategies. Examine weak spots in the JavaScript to Java bridge and understand the importance of using SSL. Learn about considerations for static and dynamic analysis, and receive practical recommendations for securing hybrid apps. Equip yourself with the knowledge to combine native and web development securely in the evolving landscape of cross-platform mobile app development.

Combining Security Risks of Native and Web Development in Hybrid Apps - AppSec EU 2017

OWASP Foundation

Add to list

#Information Security (InfoSec) #Cybersecurity #Mobile Security #Programming #Programming Languages #Java #Javascript #Mobile Development #Apache Cordova #Cross-Platform Development #Software Development #Software Testing #Dynamic Analysis #Static Analysis #Defensive Programming #Network Security #SSL

0:00 / 0:00