All Our APIs Are Belong to Us

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore Snapchat's defensive strategies against unauthorized third-party API access in this 53-minute conference talk from AppSec California 2016. Delve into the challenges faced by Snapchat in protecting user data from potential breaches and account compromises. Learn about the various client-side and server-side defenses implemented by the company in response to determined third-party attempts to reverse-engineer their protocol. Gain insights into the successes, failures, and lessons learned from Snapchat's unique approach to user protection in the social networking space. Discover the ongoing cat-and-mouse game between Snapchat and third-party developers, and understand the complexities of maintaining user security in a landscape of evolving threats. Presented by Jad Boutros, Director of Information Security at Snapchat, this talk covers topics such as establishing baselines, handling abuse, implementing Android ID tokens and Safety Net, and the pitfalls of code obfuscation.

Syllabus

Intro
Overview
Snapchat
HackerOne
What is the problem
Third-party apps
Example
Risks
Spam and Abuse
Third-Party App Abuse
Solution 1: Server-Side Only
Establish a Baseline
Press
Mobile notifications
iOS notifications
Server-side analysis
Handling abuse
Android ID token
Android ID token abuse
Android Safety Net
Pitfalls of code obfuscation
Current challenge
New twist
More abuse
Hiring


Taught by

OWASP Foundation
